Good day,

   i am trying to set up a site-to-site VPN with AWS. i have already followed the instructions generated by AWS with regard to configuring the Checkpoint side. i have created the necessary VPN tunnel interfaces, interoperable devices, etc.

  i have set up awsvpn VPN Community, and set our Checkpoint gateway as central gateway, and the defined interoperable device as satellite gateways.

   i have set up security policy rules for the subnets in question, and have set up Directional Matching conditions as follows:

Internal_clear -> awsvpn

awsvpn -> awsvpn

awsvpn -> Internal_clear

    On the AWS side, the vpn tunnel is reported to be Available.

    i can see tunnel_traffic going back and forth from AWS and our Checkpoint gateway.

    Despite all that, traffic coming from our onprem subnet is still being blocked despite the defined rules.

    Removing the Directional Match Conditions seems to fix the blocking issue, and i can see packets being allowed through...but end result is both ends still cannot reach the other side.

   Any suggestions on where i should check? Any help would be much appreciated. Thank you.