How do you add the route entry for the "Enforcement Point Gateway" on the Management Server?
A. Designate this gateway in the VPN community properties.
B. Update file $FWDIR/conf/user.def on each peer with a route entry to the enforcement point gateway.
C. Edit file $FWDIR/conf/vpn_route.conf with a new route entry.
D. Edit peers’ WebUI to add a static route to the "designated enforcement point".
To add a route entry to the enforcement point gateway:
On the management module of each gateway in the community (except for the enforcement point gateway), add an entry in the $FWDIR/conf/vpn_route.conf file
These are the variable in the entry:
destination_community_obj – a network object for the combined encryption domain of the community
enforcement_point_gw – the gateway that is a member of both communities and transfers the encrypted traffic between them
managed_FW_object – all community members that are managed by the management module
https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_VPN_AdminGuide/14048