topic Re: vpn tunnel active but no trafic flowing through in Cloud Firewall https://community.checkpoint.com/t5/Cloud-Firewall/vpn-tunnel-active-but-no-trafic-flowing-through/m-p/202914#M4549 <P>I think you are right, first step here should be upgrading the Azure gw latest recommended JHF.</P><P>&nbsp;</P><P>79 is fairly old and probably some behavior changes were introduced in later takes that are producint this issue</P> Fri, 12 Jan 2024 11:36:46 GMT Machine_Head 2024-01-12T11:36:46Z vpn tunnel active but no trafic flowing through https://community.checkpoint.com/t5/Cloud-Firewall/vpn-tunnel-active-but-no-trafic-flowing-through/m-p/202905#M4548 <P>Hi,</P><P>having something strange...</P><P>&nbsp;</P><P>Setup site-to-site vpn, onse side VSX cluster instance running R81.10 take 110, other side azure single fw running R81.10 take 78.</P><P>We see several vpn tunnels between the two are up.&nbsp; But sometimes we get complaints that there is no trafic flowing through.&nbsp; Typically this feedback comes from developers who are accessing some database in the specified subnet in Azure.</P><P>The issue appears and dissappears by itself.&nbsp; The source and destination subnets are not always the same.</P><P>An fw monitor shows us the trafic arrives on the VSX.&nbsp; But does not arrive on the azure gw.</P><P>Yesterday, i remarked that the affected tunnel started working again, at what i expect&nbsp; is the same time the tunnel is actually expiring (or what i believe is an ike renegotiation taking place?).</P><P>There's nothing being blocked, dropped or rejected in the logs.&nbsp; This environment has been running for at least ten years btw (altough upgraded, and the azure cloud connection was introduced a few years ago).</P><P>We use permanent tunnels, and seperate tunnels per subnet.</P><P>I suspect the issue popped up after we upgraded the vsx environment from take 66 to take 110.</P><P>Does this ring a bell with anyone?&nbsp; I'm thinking of upgrading the azure gw to take 110.&nbsp; Or restoring a snapshot to take 66 on one of the vsx members.&nbsp;</P><P>Yes, we have an open support ticket.&nbsp; So far no bug has been found.&nbsp; But i also wanted to check here if there are people running a similar environment on take 110 and have seen this issue before or not?</P><P><SPAN>__PRESENT</SPAN></P> Fri, 12 Jan 2024 09:28:18 GMT https://community.checkpoint.com/t5/Cloud-Firewall/vpn-tunnel-active-but-no-trafic-flowing-through/m-p/202905#M4548 pnobels 2024-01-12T09:28:18Z Re: vpn tunnel active but no trafic flowing through https://community.checkpoint.com/t5/Cloud-Firewall/vpn-tunnel-active-but-no-trafic-flowing-through/m-p/202914#M4549 <P>I think you are right, first step here should be upgrading the Azure gw latest recommended JHF.</P><P>&nbsp;</P><P>79 is fairly old and probably some behavior changes were introduced in later takes that are producint this issue</P> Fri, 12 Jan 2024 11:36:46 GMT https://community.checkpoint.com/t5/Cloud-Firewall/vpn-tunnel-active-but-no-trafic-flowing-through/m-p/202914#M4549 Machine_Head 2024-01-12T11:36:46Z