Meraki

Community

Meraki Z3 and Checkpoint FW

Solved
k_from_brussels
Conversationalist
‎Mar 20 2018 2:54 AM
‎Mar 20 2018 2:54 AM

Meraki Z3 and Checkpoint FW

Hello,

 

We would like to use Z3 box as teleworker gateway from remote location (like home) for softphone and POE phone. We are running Checkpoint FW at the HQ.

 

How can we setup a VPN with a public ip which is not fix for the Z3 (xDSL)?

I suppose we can only use site-to-site VPN configuration (between Z3 and Checkpoint FW)

Do I miss something?

 

Thank you for your help and guidance

Regards,

K

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 20 2018 1:55 PM
‎Mar 20 2018 1:55 PM

Don't do this.  It is not worth the pain.

 

Get yourself another MX for your HQ and use AutoVPN.  You can keep your CheckPoint and put the MX "side by side".

View solution in original post

5 Replies 5
Uberseehandel
Kind of a big deal
‎Mar 20 2018 4:08 AM
‎Mar 20 2018 4:08 AM

This explains how it is done.

DDNS is used

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
In response to Uberseehandel
Adam
Kind of a big deal
‎Mar 20 2018 7:12 AM
‎Mar 20 2018 7:12 AM

Wouldn't the Z3 connect using Site-to-site VPN Non-Meraki VPN peers with your Checkpoint using its static IP?  The IP of the Z3 wouldn't really matter since it'll be reaching out to the Checkpoint to establish the tunnel.  Unless you need something on the Checkpoint side. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 20 2018 1:55 PM
‎Mar 20 2018 1:55 PM

Don't do this.  It is not worth the pain.

 

Get yourself another MX for your HQ and use AutoVPN.  You can keep your CheckPoint and put the MX "side by side".

In response to PhilipDAth
Adam
Kind of a big deal
‎Mar 20 2018 2:13 PM
‎Mar 20 2018 2:13 PM

I thought the same thing as @PhilipDAth, another MX would make this maintenance free. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
In response to Adam
k_from_brussels
Conversationalist
‎Mar 21 2018 12:46 AM
‎Mar 21 2018 12:46 AM

Hello,

 

Yes, with Checkpoint FW (R77) we cannot use site to site VPN with dynamic ip, at least with using certificate - which is not feasible with Meraki Z. We will investigate to purchase additional MX as suggested.

 

In resume, if I am not wrong

 

-Goal is deploy Z3 on remote site (home running xDSL and dynamic ip), so we can connect softphone or physical poe phone (as teleworker gateway)

-Purchase new MX on HQ and use MX as VPN concentrator

-Traffic arriving from MX will be inspected by our Checkpoint FW before accessing the LAN

 

Thank you all for your support

Have a great day

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.