Create a Post
Showing results for 
Search instead for 
Did you mean: 

issues with VPN directional match conditioin

Good day,


   i am trying to set up a site-to-site VPN with AWS. i have already followed the instructions generated by AWS with regard to configuring the Checkpoint side. i have created the necessary VPN tunnel interfaces, interoperable devices, etc.

  i have set up awsvpn VPN Community, and set our Checkpoint gateway as central gateway, and the defined interoperable device as satellite gateways.

   i have set up security policy rules for the subnets in question, and have set up Directional Matching conditions as follows:

Internal_clear -> awsvpn

awsvpn -> awsvpn

awsvpn -> Internal_clear


    On the AWS side, the vpn tunnel is reported to be Available.

    i can see tunnel_traffic going back and forth from AWS and our Checkpoint gateway.

    Despite all that, traffic coming from our onprem subnet is still being blocked despite the defined rules.

    Removing the Directional Match Conditions seems to fix the blocking issue, and i can see packets being allowed through...but end result is both ends still cannot reach the other side.

   Any suggestions on where i should check? Any help would be much appreciated. Thank you.


0 Kudos
1 Reply

You need to use Route-Based VPNs with an AWS endpoint.
More details about what exactly you configured and how you observed the failed behavior would be helpful.

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events