Check Point to Azure S2S VPN and VPN Community Routing

FirewallerRS — Tue, 12 Mar 2024 15:31:34 GMT

We have deployed and configured Azure Checkpoint HA Cluster with loadbalancers and an end-device network for testing. Azure and onprem Gateways are connected via a s2s tunnel. Communication from Azure "endpoint network" to onprem device works and seems to be ok. The need is, to route all traffic (including internet) through s2s tunnel to our onprem Gateways. So we changed settings for s2s tunnel in (vpn community - vpn routing) from "to center only" to "to center or through the center to internet."

After this change, Azure Firewall Gateways are no longer accessible via public ip, and HA Cluster no longer works correct. Any ideas, where the problem could be?

Re: Check Point to Azure S2S VPN and VPN Community Routing

PhoneBoy — Wed, 13 Mar 2024 00:19:50 GMT

What is the actual encryption domain for your Azure gateways?
I suspect you may need to include some IPs/networks in it to ensure traffic is NOT encrypted when it doesn't need to be.
Might also need some specific static routes that aren't "default."

topic Re: Check Point to Azure S2S VPN and VPN Community Routing in Firewall and Security Management

Check Point to Azure S2S VPN and VPN Community Routing

Re: Check Point to Azure S2S VPN and VPN Community Routing