https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/218206#M41625 <P>Thats why I put my other reply, since I know most of us hate reading documentation, though my doc was short lol. Anyway, if you read it carefully, you would have seen I had in there EXACTLY what I posted after <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Glad its working!</P> <P>Andy</P> Thu, 20 Jun 2024 10:50:13 GMT the_rock 2024-06-20T10:50:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/217909#M41548 <P>Hello,</P><P>I created a VPN to from onprem fw cluster to AWS gateway exactly like desribed in <SPAN class=""><SPAN class="">sk100726</SPAN></SPAN>.</P><P>The VPN is up and I see tunneltest packets but the traffic does not match the outgoing rule with the directional match, runs to cleanup and is dropped. Selectig VPN any leads to an "accept" but not to encrypt.</P><P>Customer already have another working vpn to aws - actually no idea where to debug the rule match.</P> Tue, 18 Jun 2024 08:26:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/217909#M41548 dede79 2024-06-18T08:26:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/217938#M41552 <P>Can you send the screenshot of the rule itself?&nbsp;</P> <P>Andy</P> Tue, 18 Jun 2024 12:48:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/217938#M41552 the_rock 2024-06-18T12:48:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/218040#M41564 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2024-06-19_08-05-49.jpg" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/26342i86B3E4AA2CABF78A/image-size/medium?v=v2&amp;px=400" role="button" title="2024-06-19_08-05-49.jpg" alt="2024-06-19_08-05-49.jpg" /></span></P><P> </P> Wed, 19 Jun 2024 06:07:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/218040#M41564 dede79 2024-06-19T06:07:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/218055#M41567 <P>Thats why it fails. Check out my post below on what rule should look like, its in the attached doc.</P> <P>Andy</P> <P>&nbsp;</P> <P><A href="https://community.checkpoint.com/t5/Security-Gateways/Route-based-VPN-tunnel-to-Azure/m-p/206179/emcs_t/S2h8ZW1haWx8dG9waWNfc3Vic2NyaXB0aW9ufExTTjlYV1FXMUlGQVNMfDIwNjE3OXxTVUJTQ1JJUFRJT05TfGhL#M38950" target="_blank">https://community.checkpoint.com/t5/Security-Gateways/Route-based-VPN-tunnel-to-Azure/m-p/206179/emcs_t/S2h8ZW1haWx8dG9waWNfc3Vic2NyaXB0aW9ufExTTjlYV1FXMUlGQVNMfDIwNjE3OXxTVUJTQ1JJUFRJT05TfGhL#M38950</A></P> Wed, 19 Jun 2024 10:08:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/218055#M41567 the_rock 2024-06-19T10:08:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/218056#M41568 <P>And if it hates you to read the doc (which I would not blame you for lol), then make sure vpn column is as below, 3 entries:</P> <P>internal; clear - vpn communit</P> <P>vpn community - internal clear</P> <P>vpn community - vpn community</P> <P>Push policy, test.</P> <P>Andy</P> Wed, 19 Jun 2024 10:09:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/218056#M41568 the_rock 2024-06-19T10:09:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/218177#M41617 <P>Hi - your doc helped (peer name in tunnel interface was same as interopdevice but with 1 capital letters) but this should have nothing to do with the rule I posted...I had all the 3 relevant rules.</P> Thu, 20 Jun 2024 06:54:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/218177#M41617 dede79 2024-06-20T06:54:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/218206#M41625 <P>Thats why I put my other reply, since I know most of us hate reading documentation, though my doc was short lol. Anyway, if you read it carefully, you would have seen I had in there EXACTLY what I posted after <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Glad its working!</P> <P>Andy</P> Thu, 20 Jun 2024 10:50:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-AWS-rules-not-matching/m-p/218206#M41625 the_rock 2024-06-20T10:50:13Z