Prisma SD-WAN Check Point Network Security-as-a-Service Integration
As enterprises rely on SaaS or cloud-based
delivery models for business-critical applications, there is a compelling need
for per-application policy enforcement without increasing remote
office infrastructure. Traditional hardware-router-based approaches
are limited to heavy-handed ‘all or nothing’ policies for direct-to-internet
traffic rather than per-application policy enforcement. Additionally, because
router-based approaches are packet-based rather than application-session-based,
they fail to meet application session-symmetry requirements,
causing network and security outages.
This guide explains how to set up IPsec tunnels and service chain
traffic from a Prisma SD-WAN ION device to Check Point’s Network
Security-as-a-Service through the Prisma SD-WAN portal and Check
Point’s Network Security-as-a-Service web-based management.
It is intended for network and security administrators who are
responsible for cybersecurity for branch office users. These instructions
are applicable to Prisma SD-WAN ION devices running version 4.7.1
and above.
This guide describes how to create a site in Check Point’s Infinity
Portal, how to set up Prisma SD-WAN, and finally, how to monitor
cybersecurity events in Check Point’s portal.
The images in this document may have references to CloudGenix and
the term 3rd Party/3rd Party VPN. The CloudGenix
instances now display as Prisma SD-WAN, and
the new term for 3rd Party/3rd Party VPN is Standard
VPN on the Prisma SD-WAN web interface.
In this guide, branch offices are protected
by creating two IPsec tunnels to Check Point’s Network
Security-as-a-Service. This involves signing in to the Check Point
Infinity Portal, creating a site, configuring a router
or SD-WAN device, and supporting more than one external IP address.
Read on to learn how to sign in to Check Point’s Infinity
Portal, create a site, configure your router, and support multiple
external IP addresses.