https://community.checkpoint.com/t5/Spark-Firewall-SMB/Conditional-Match-Condition-on-SMB-gateway-Embedded-GAIA/m-p/134694#M6088 <P>Hi!</P><P>&nbsp;</P><P>I'm trying to set up a site-to-site VPN between a centrally managed SMB gateway an AWS.</P><P>I followed the instructions provided by AWS ( create vpn interfaces, routing, create interoperable object, create vpn community, create firewall rules) succesfully, until the last step where is asked to create a firewall rule to allow the desired traffic using&nbsp; Directional Match Conditions (internal_clear-&gt;community; community-&gt;community; community-&gt;internal_clear).</P><P>The output of the "install policy" task is</P><P>"Gateway: rpp27.ddns.net<BR />Policy: Standard<BR />Status: Failed<BR />- Layer 'Network': Rule 18: "rpp27.ddns.net" Operating System is "Gaia Embedded"<BR />External_clear and Internal_clear are only supported as a conditional destination on SecurePlatform, IPSO, Linux and Gaia.<BR />- Policy verification failed."</P><P>The VPN tunnel is up, checked via the cli command "vpn tu", and I tried to set only the vpn community in the firewall rule, but the traffic don't match in that rule.</P><P>I want to know if there is some equivalent to directional match condition for embedded gaia appliances, or if somebody have succesfull experiencie with setting up VPN between a SMB appliance centrally managed and AWS.</P> Tue, 23 Nov 2021 00:06:23 GMT burticio 2021-11-23T00:06:23Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Conditional-Match-Condition-on-SMB-gateway-Embedded-GAIA/m-p/134694#M6088 <P>Hi!</P><P>&nbsp;</P><P>I'm trying to set up a site-to-site VPN between a centrally managed SMB gateway an AWS.</P><P>I followed the instructions provided by AWS ( create vpn interfaces, routing, create interoperable object, create vpn community, create firewall rules) succesfully, until the last step where is asked to create a firewall rule to allow the desired traffic using&nbsp; Directional Match Conditions (internal_clear-&gt;community; community-&gt;community; community-&gt;internal_clear).</P><P>The output of the "install policy" task is</P><P>"Gateway: rpp27.ddns.net<BR />Policy: Standard<BR />Status: Failed<BR />- Layer 'Network': Rule 18: "rpp27.ddns.net" Operating System is "Gaia Embedded"<BR />External_clear and Internal_clear are only supported as a conditional destination on SecurePlatform, IPSO, Linux and Gaia.<BR />- Policy verification failed."</P><P>The VPN tunnel is up, checked via the cli command "vpn tu", and I tried to set only the vpn community in the firewall rule, but the traffic don't match in that rule.</P><P>I want to know if there is some equivalent to directional match condition for embedded gaia appliances, or if somebody have succesfull experiencie with setting up VPN between a SMB appliance centrally managed and AWS.</P> Tue, 23 Nov 2021 00:06:23 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Conditional-Match-Condition-on-SMB-gateway-Embedded-GAIA/m-p/134694#M6088 burticio 2021-11-23T00:06:23Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Conditional-Match-Condition-on-SMB-gateway-Embedded-GAIA/m-p/134752#M6089 <P>UPDATE:</P><P>&nbsp;</P><P>I managed to solve it, just by not using Directional Match Conditions in the firewall rule.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 23 Nov 2021 17:00:55 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Conditional-Match-Condition-on-SMB-gateway-Embedded-GAIA/m-p/134752#M6089 burticio 2021-11-23T17:00:55Z