albertcuy
Participant

issues with VPN directional match condition

Good day,

I am trying to set up a site-to-site VPN with AWS. I have already followed the instructions generated by AWS with regard to configuring the Check Point side. I have created the necessary VPN tunnel interfaces, interoperable devices, etc.

I have set up the awsvpn VPN Community, set our Check Point gateway as the central gateway, and set the defined interoperable device as the satellite gateway.

I have set up security policy rules for the subnets in question, and have set up Directional Match conditions as follows:

Internal_clear -> awsvpn

awsvpn -> awsvpn

awsvpn -> Internal_clear

On the AWS side, the VPN tunnel is reported to be Available.

I can see tunnel_traffic going back and forth between AWS and our Check Point gateway.

Despite all that, traffic coming from our on-prem subnet is still being blocked despite the defined rules.

Removing the Directional Match conditions seems to fix the blocking issue, and I can see packets being allowed through... but the end result is that both ends still cannot reach the other side.

Any suggestions on where I should check? Any help would be much appreciated. Thank you.

 

0 Kudos
1 Reply
PhoneBoy
Admin

You need to use Route-Based VPNs with an AWS endpoint.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
More details about what exactly you configured and how you observed the failed behavior would be helpful.

0 Kudos
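For readers who want to see what the route-based setup the reply points to looks like on the gateway, here is an added Gaia clish example (it is not from the original thread, nor from the AWS-generated configuration the poster followed). It assumes hypothetical values: a VTI link-local pair 169.254.10.2 (local) / 169.254.10.1 (AWS side), an interoperable device object named AWS_Tunnel_1, and an AWS VPC CIDR of 10.20.0.0/16. In a route-based VPN the decision to encrypt is made by the routing table, not by matching source and destination against encryption domains, which is why the directional match conditions from the original post become unnecessary: the interoperable device's encryption domain is set to an empty group in SmartConsole, and the rulebase simply permits the subnets with the community in the VPN column.

```clish
# Added example (assumed values), Gaia clish, expert/clish prompt on the Check Point gateway.
# Step 1: create a numbered VPN tunnel interface (VTI) bound to the AWS peer object.
add vpn tunnel 1 type numbered local 169.254.10.2 remote 169.254.10.1 peer AWS_Tunnel_1

# Step 2: bring the interface up and lower the MTU so ESP overhead does not cause fragmentation.
set interface vpnt1 state on
set interface vpnt1 mtu 1436

# Step 3: route the VPC CIDR through the VTI. This route, not an encryption domain,
# is what makes traffic to 10.20.0.0/16 enter the tunnel.
add static-route 10.20.0.0/16 nexthop gateway logical vpnt1 on

# Persist the change.
save config
```

Check the result with `show interface vpnt1` and `show route` in clish: if the static route to the VPC does not list vpnt1 as the logical next hop, traffic will never be encrypted even though the tunnel shows as Available on the AWS side. When a second AWS tunnel is configured for redundancy, repeat the same three steps with a second VTI (vpnt2) and add the same destination route through it, so that failover is handled by routing rather than by encryption-domain matching.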
