https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-HTTPS-External-Interface/m-p/66185#M12244 <P>Hello,</P><P>I have an existing clusterA with 2 gateways and a SMS server.&nbsp; Cluster A has several internal interfaces, an external interface and a sync.&nbsp; I have a new external clusterB that I have successfully added to my SMS.&nbsp; The external clusterB has 2 internal interfaces, 1 external interface and a sync interface.</P><P>From the internal interface of clusterA to the external interface of new clusterB, I was able to SSH, HTTPS and ping.&nbsp; After setting up a site to site VPN between clusterA and clusterB, I can no longer SSH or HTTPS from the internal interface of clusterA to the external interface of clusterB, but I can still ping from the internal interface of clusterA to the external interface of clusterB.&nbsp;</P><P>I can SSH/HTTPS from the internal interface of clusterA to the internal interfaces of cluster B.</P><P>On my other site to site VPNs (which I don't manage with my SMS), I see SSH being accepted on an implied rule, but on my new cluster, SSH just drops to the cleanup rule.</P><P>Any ideas on what the issue is?&nbsp; Why I can no longer SSH/HTTPS from internal interface of clusterA to the external interface of clusterB?</P><P>Thanks</P> Tue, 29 Oct 2019 20:27:18 GMT KWD 2019-10-29T20:27:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-HTTPS-External-Interface/m-p/66185#M12244 <P>Hello,</P><P>I have an existing clusterA with 2 gateways and a SMS server.&nbsp; Cluster A has several internal interfaces, an external interface and a sync.&nbsp; I have a new external clusterB that I have successfully added to my SMS.&nbsp; The external clusterB has 2 internal interfaces, 1 external interface and a sync interface.</P><P>From the internal interface of clusterA to the external interface of new clusterB, I was able to SSH, HTTPS and ping.&nbsp; After setting up a site to site VPN between clusterA and clusterB, I can no longer SSH or HTTPS from the internal interface of clusterA to the external interface of clusterB, but I can still ping from the internal interface of clusterA to the external interface of clusterB.&nbsp;</P><P>I can SSH/HTTPS from the internal interface of clusterA to the internal interfaces of cluster B.</P><P>On my other site to site VPNs (which I don't manage with my SMS), I see SSH being accepted on an implied rule, but on my new cluster, SSH just drops to the cleanup rule.</P><P>Any ideas on what the issue is?&nbsp; Why I can no longer SSH/HTTPS from internal interface of clusterA to the external interface of clusterB?</P><P>Thanks</P> Tue, 29 Oct 2019 20:27:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-HTTPS-External-Interface/m-p/66185#M12244 KWD 2019-10-29T20:27:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-HTTPS-External-Interface/m-p/66407#M12245 Have you done a tcpdump/fw monitor on both ends to very the traffic is getting there?<BR />What does it look like?<BR />Also, what errors do you see in the logs? Fri, 01 Nov 2019 20:09:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-HTTPS-External-Interface/m-p/66407#M12245 PhoneBoy 2019-11-01T20:09:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-HTTPS-External-Interface/m-p/66526#M12246 I was able to resolve the issue. But I appreciate your reply. Mon, 04 Nov 2019 17:35:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-HTTPS-External-Interface/m-p/66526#M12246 KWD 2019-11-04T17:35:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-HTTPS-External-Interface/m-p/66587#M12247 What was the issue? Tue, 05 Nov 2019 12:29:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-HTTPS-External-Interface/m-p/66587#M12247 PhoneBoy 2019-11-05T12:29:02Z