topic Re: Help Needed: S2S VPN Configuration Between AWS and SMB Firewall (1800) (Locally managed) in Spark Firewall (SMB)

Help Needed: S2S VPN Configuration Between AWS and SMB Firewall (1800) (Locally managed)

kristait — Sat, 22 Jun 2024 10:00:54 GMT

Hello Everyone,

We need assistance regarding the S2S VPN configuration between AWS and the SMB Firewall (1800) Locally managed device.

We followed the documentation provided and configured the VPN. How to configure Site-to-Site VPN between Amazon Web Services and locally managed SMB appliance (checkpoint.com)

The tunnel is up on both sides, but we are still unable to communicate between devices or ping from either end.

SR: 6-0003922338 is open from 4/22/2024 and still waiting from solution and support from team.

Please let us know if this device is capable of handling this type of configuration. Any insights or guidance would be greatly appreciated.

Thank you!

Re: Help Needed: S2S VPN Configuration Between AWS and SMB Firewall (1800) (Locally managed)

_Val_ — Mon, 24 Jun 2024 11:43:20 GMT

If you are still unable to resolve this, please open a TAC request: https://help.checkpoint.com

Re: Help Needed: S2S VPN Configuration Between AWS and SMB Firewall (1800) (Locally managed)

PhoneBoy — Mon, 24 Jun 2024 20:14:12 GMT

What EXACTLY have you configured?
Please provide screenshots, of the things mentioned in the SK you linked, redacting sensitive details.
Otherwise, I suggest you do a remote session with TAC, which it appears they tried to do with you previously.

Re: Help Needed: S2S VPN Configuration Between AWS and SMB Firewall (1800) (Locally managed)

kristait — Fri, 28 Jun 2024 09:02:31 GMT

Hello @PhoneBoy, Sure here is the configuration.

AWS Side Configuration

1. Create a Site-to-Site Connection:

Under Static Route, add your local network CIDR.
Download the configuration:
- Vendor: Checkpoint
- Platform: Gaia
- Software: R80.10+
- IKE Version: IKEv2

Checkpoint SMB Configuration

1. Connect to the Firewall via SSH and Create a VPN Tunnel (VTI):

Verify that the VPN tunnel (VTI) is visible under Local Network

2. Create a VPN Site:
- Navigate to VPN -> VPN Sites -> New.

Remote Site

Encryption

Advanced

This is the configuration we have done as per the sk111733

Below is the screenshot where you able to see the VPN tunnel us up at both sides.

Re: Help Needed: S2S VPN Configuration Between AWS and SMB Firewall (1800) (Locally managed)

mccabe — Fri, 28 Jun 2024 10:43:32 GMT

Can you share an output of the routing table from the Spark?

Re: Help Needed: S2S VPN Configuration Between AWS and SMB Firewall (1800) (Locally managed)

kristait — Fri, 28 Jun 2024 11:20:32 GMT

Below is the route Table

Re: Help Needed: S2S VPN Configuration Between AWS and SMB Firewall (1800) (Locally managed)

mccabe — Fri, 28 Jun 2024 11:50:36 GMT

Thanks. Now check on the AWS side that there's a corresponding route coming back to the Spark on vpnt1

Re: Help Needed: S2S VPN Configuration Between AWS and SMB Firewall (1800) (Locally managed)

kristait — Mon, 05 Aug 2024 16:13:40 GMT

Hello, does anyone know how long the TAC team takes to resolve an issue? My ticket has been open for the last three months, but they have been unable to resolve it or provide a proper solution.

Re: Help Needed: S2S VPN Configuration Between AWS and SMB Firewall (1800) (Locally managed)

PhoneBoy — Mon, 12 Aug 2024 16:32:31 GMT

Depends on the exact nature of the issue.
If you send me the SR in a PM, I can take a look.

Re: Help Needed: S2S VPN Configuration Between AWS and SMB Firewall (1800) (Locally managed)

PhoneBoy — Mon, 19 Aug 2024 16:08:06 GMT

Thanks, I've reviewed the SK.

Are you using Policy Based Routing with this configuration?
If so, then this SK might apply: https://support.checkpoint.com/results/sk/sk180433