Conditional Match Condition on SMB gateway (Embedded GAIA)
Hi!
I'm trying to set up a site-to-site VPN between a centrally managed SMB gateway and AWS.
I followed the instructions provided by AWS (create VPN interfaces, routing, create interoperable object, create VPN community, create firewall rules) successfully, until the last step, where it asks to create a firewall rule to allow the desired traffic using Directional Match Conditions (internal_clear->community; community->community; community->internal_clear).
The output of the "install policy" task is
"Gateway: rpp27.ddns.net
Policy: Standard
Status: Failed
- Layer 'Network': Rule 18: "rpp27.ddns.net" Operating System is "Gaia Embedded"
External_clear and Internal_clear are only supported as a conditional destination on SecurePlatform, IPSO, Linux and Gaia.
- Policy verification failed."
The VPN tunnel is up, checked via the CLI command "vpn tu", and I tried to set only the VPN community in the firewall rule, but the traffic doesn't match that rule.
I want to know if there is some equivalent to Directional Match Conditions for Embedded Gaia appliances, or if somebody has had a successful experience setting up a VPN between a centrally managed SMB appliance and AWS.
Accepted Solutions
UPDATE:
I managed to solve it, just by not using Directional Match Conditions in the firewall rule.
