How to setup a basic AWS vSEC with a VPN back to Home office?

This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.

Reject

Preferences

ABOUT CHECKMATES & FAQ Sign In

Products
Learn
Local User Groups
Partners
- Welcome Partners!
More

Products
Learn
Local User Groups
- Upcoming Events
- Americas
- EMEA
- APAC
  - Korea
  - Mongolia
  - Bangalore
  - Greater China
  - Australia/New Zealand
  - Philippines
  - Japan
  - Singapore
  - India
  - Thailand
  - Taiwan
  - Hong Kong
  - Indonesia
Partners
- Welcome Partners!
More
ABOUT CHECKMATES & FAQ
- About CheckMates & FAQ
- Community Guidelines
Sign In
Leaderboard
Events

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

May the 4th (+4)
Navigating Paradigm Shifts in Cyber

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

CheckMates
:
Products
:
CloudMates Products
:
Cloud Network Security
:
Discussion
:
How to setup a basic AWS vSEC with a VPN back to H...

Options

Subscribe to RSS Feed
Mark Topic as New
Mark Topic as Read
Float this Topic for Current User
Bookmark
Subscribe
Mute
Printer Friendly Page

cancel

Turn on suggestions

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for

Search instead for

Did you mean:

Are you a member of CheckMates?

Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!

Sal_Bonaccorso

Participant

‎2017-06-26 01:10 PM

Mark as New
Bookmark
Subscribe
Mute
Subscribe to RSS Feed
Permalink
Print
Report Inappropriate Content

How to setup a basic AWS vSEC with a VPN back to Home office?

We have been having major difficulties setting up the most basic configuration for our office. We have spoken to 5 Checkpoint engineers over 3 weeks and still have not been able to get the firewall online.

Here is the layout and the request:

We have a central office that we VPN from to the AWS Checkpoint Vsec device. We have 1 server in AWS in our VPC.

We are trying to have all traffic coming into the VPC from our office go through the firewall and any traffic leaving the VPC go through the firewall as well.

The issue we have is a routing issue. We seem to not be able to get both the server and the Firewall to talk back to our central office. We can see the firewall, and push policies, but cannot see the server behind it. In order for the Vsec device to get to the internet, there has to be a static route of 0.0.0.0/0 to inetgateway in your VPC, and then we place our internal subnets pointing to the interface on the Vsec device.

The traffic will go to the firewall, but never come back to the office. No pings, nothing. Like a black hole. All the rules are wide open.

I don't understand how the most simple AWS VPC deployment has brought a Vsec to its knees and no one can figure this out...