https://community.checkpoint.com/t5/Cloud-Firewall/Request-from-AWS-NLB-didn-t-enter-vpn-tunnel/m-p/59327#M2827 <P>Hi ,</P><P>&nbsp;</P><P>We are deploying a Transit VPC architecture right now.</P><P>we tried to publish a service via AWS NLB.</P><P>NLB would transfer the request to our Gateway ,and we setup a NAT rule to translate the destination to our internal server.</P><P>But we found the gateway did translate the packet but didn't transfer to the internal gw(in transit&nbsp; VPC).</P><P>&nbsp;</P><P>we tried to capture packets via tcpdump and fw monitor.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="01.png" style="width: 628px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2034i96B4F6616B9960C7/image-size/large?v=v2&amp;px=999" role="button" title="01.png" alt="01.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="02.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2035iAF2EE1F53C7B0FD4/image-size/large?v=v2&amp;px=999" role="button" title="02.png" alt="02.png" /></span></P><P>10.64.6.4 is NLB's addreess.</P><P>in tcpdump records,it seems the traffic sent out via physical interface?</P><P>in gw logs ,it didn't enter vpn tunnel but did NAT translation.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="03.png" style="width: 428px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2036i02925270283914F0/image-dimensions/428x321?v=v2" width="428" height="321" role="button" title="03.png" alt="03.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>Regards</P> Wed, 31 Jul 2019 09:42:33 GMT Dawei_Ye 2019-07-31T09:42:33Z https://community.checkpoint.com/t5/Cloud-Firewall/Request-from-AWS-NLB-didn-t-enter-vpn-tunnel/m-p/59327#M2827 <P>Hi ,</P><P>&nbsp;</P><P>We are deploying a Transit VPC architecture right now.</P><P>we tried to publish a service via AWS NLB.</P><P>NLB would transfer the request to our Gateway ,and we setup a NAT rule to translate the destination to our internal server.</P><P>But we found the gateway did translate the packet but didn't transfer to the internal gw(in transit&nbsp; VPC).</P><P>&nbsp;</P><P>we tried to capture packets via tcpdump and fw monitor.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="01.png" style="width: 628px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2034i96B4F6616B9960C7/image-size/large?v=v2&amp;px=999" role="button" title="01.png" alt="01.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="02.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2035iAF2EE1F53C7B0FD4/image-size/large?v=v2&amp;px=999" role="button" title="02.png" alt="02.png" /></span></P><P>10.64.6.4 is NLB's addreess.</P><P>in tcpdump records,it seems the traffic sent out via physical interface?</P><P>in gw logs ,it didn't enter vpn tunnel but did NAT translation.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="03.png" style="width: 428px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2036i02925270283914F0/image-dimensions/428x321?v=v2" width="428" height="321" role="button" title="03.png" alt="03.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>Regards</P> Wed, 31 Jul 2019 09:42:33 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Request-from-AWS-NLB-didn-t-enter-vpn-tunnel/m-p/59327#M2827 Dawei_Ye 2019-07-31T09:42:33Z https://community.checkpoint.com/t5/Cloud-Firewall/Request-from-AWS-NLB-didn-t-enter-vpn-tunnel/m-p/59348#M2828 Additional:<BR />Running R80.20GA in AWS. Wed, 31 Jul 2019 12:24:13 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Request-from-AWS-NLB-didn-t-enter-vpn-tunnel/m-p/59348#M2828 Dawei_Ye 2019-07-31T12:24:13Z