Configuring the centrally managed gateway
1. Create a new Externally Managed Check Point Gateway object in SmartDashboard.
2. In the General Properties page, select the "IPSec VPN" option.
3. Under Topology page, configure the External and Internal interfaces.
4. In NAT Advanced settings, select "Hide behind Gateway" option and select the Center machine as the entry for "Install on Gateway".
5. Go to IPSec VPN page and create a VPN Star Community (Must be Star Community). Set the centrally managed gateway as Center, and the externally managed Appliance object as Satellite.
6. Choose the required encryption methods.
7. Under Tunnel Management > select Set Permanent Tunnels.
8. To enable VPN routing for Satellites, go to 'Advanced Settings > VPN Routing' and select the following option:
"To center, or through the center to other satellites, to internet and other VPN targets".
9. Configure the Shared Secret in 'Advanced Settings > Shared Secret'.
10. In 'Advanced Settings > Advanced VPN Properties', select "Disable NAT inside the VPN community".
11. Configure the appropriate Firewall rules to allow the "Route all traffic", or simply allow all traffic under General settings.
12. Install Policy.
Configuring the SMB locally managed appliance
1. Go to 'VPN > Site to Site > VPN site' and create a new site.
2. Set the External IP of the Center Getaway, enter the matching Preshared secret that was defined in the Star Community.
3. Under Remote Site Encryption Domain, in the drop-down list, select "Route all traffic through this site "
4. In Advanced settings, select "Remote Gateway is Check Point Security Getaway", "Enable Permanent VPN Tunnels" and "Disable NAT for this site".
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.