Hi All,
I have set up a VPN between Azure and our on-premises Check Point cluster. The VPN is up and working fine.
Now we are trying to route all internet-bound traffic from Azure subnets via the on-prem firewalls for inspection and auditing. I have set up the route-based VPN, i.e. Gateway-to-Gateway tunnel management, in Check Point and can see that the internet traffic hits the Check Point firewall on premises.
However, this traffic is being dropped with the error "According to the policy this packet should not be decrypted".
Has anyone faced this issue with forced tunneling?
I have referred to sk101275 and the Microsoft link below for setting up the VPN:
Configure forced tunneling for Azure Site-to-Site connections: Resource Manager | Microsoft Docs
Thanks in Advance,
Sarvesh
Hi Sarvesh,
I suspect that you may already have the answer you need.
The message you are seeing, "According to the policy this packet should not be decrypted", means that your on-premises gateway was not expecting to see the traffic from Azure via the tunnel and drops it.
Have you set the encryption domain for your Azure subnets where the traffic is sourced from on the peer object for the Azure gateway within Check Point?
Cheers
Mark