topic Re: AWS VPN Setup in Firewall and Security Management

AWS VPN Setup

Sanjay_S — Wed, 13 Nov 2019 11:33:52 GMT

Hi All,

We have setup a new VPN from Checkpoint R80.10 to AWS. We are getting the below message in tracker though the packet is accepting.

Firewall - Protocol violation detected with protocol:(IKE-UDP), matched protocol sig_id:(4), violation sig_id:(13). (500)

I have created the new UDP IKE service with Protocol signature enabled and allowed the access to peer but still the same. May i know what could be the reason?

Thanks in Advance.

Re: AWS VPN Setup

PhoneBoy — Wed, 13 Nov 2019 18:08:09 GMT

Wouldn't you want the protocol signature not set, since that seems to be the issue?
That said, we should fix the protocol signature, which means some packet traces and a TAC case are in order.

Re: AWS VPN Setup

Sanjay_S — Thu, 14 Nov 2019 16:09:23 GMT

So TAC case is must you say? Never enabled protocal signature for any other AWS VPN till date. And for this i enabled and implemented though the issue persists.

Re: AWS VPN Setup

PhoneBoy — Thu, 14 Nov 2019 19:25:52 GMT

In your original post, you said: "I have created the new UDP IKE service with Protocol signature enabled"
I just checked the original definition of IKE, and it does not have Protocol Signature enabled.
I can't think of any reason why you should enable this, either.

In any case, I would consult with the TAC as this is clearly not expected behavior.