This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kristait
Contributor
‎2024-06-22 03:00 AM

Help Needed: S2S VPN Configuration Between AWS and SMB Firewall (1800) (Locally managed)

Hello Everyone,

We need assistance regarding the S2S VPN configuration between AWS and the SMB Firewall (1800) Locally managed device.

We followed the documentation provided and configured the VPN. How to configure Site-to-Site VPN between Amazon Web Services and locally managed SMB appliance (che...

The tunnel is up on both sides, but we are still unable to communicate between devices or ping from either end.

SR: 6-0003922338 is open from 4/22/2024 and still waiting from solution and support from team.

Please let us know if this device is capable of handling this type of configuration. Any insights or guidance would be greatly appreciated.

Thank you!

 

0 Kudos
9 Replies
_Val_
Admin
Admin
‎2024-06-24 04:43 AM

If you are still unable to resolve this, please open a TAC request: https://help.checkpoint.com

0 Kudos
PhoneBoy
Admin
Admin
‎2024-06-24 01:13 PM

What EXACTLY have you configured?
Please provide screenshots, of the things mentioned in the SK you linked, redacting sensitive details.
Otherwise, I suggest you do a remote session with TAC, which it appears they tried to do with you previously.

0 Kudos
kristait
Contributor
‎2024-06-28 02:02 AM
In response to PhoneBoy

Hello @PhoneBoy, Sure here is the configuration.

AWS Side Configuration

1. Create a Site-to-Site Connection:

  • Under Static Route, add your local network CIDR.
  • Download the configuration:
    • Vendor: Checkpoint
    • Platform: Gaia
    • Software: R80.10+
    • IKE Version: IKEv2

Checkpoint SMB Configuration

1. Connect to the Firewall via SSH and Create a VPN Tunnel (VTI):

  •  Verify that the VPN tunnel (VTI) is visible under Local Network

VTP.JPG

2. Create a VPN Site:
- Navigate to VPN -> VPN Sites -> New.

Remote Site

T1 Remote Site.JPG

Encryption

Encryption.JPG

Advanced

Advanced.JPG

This is the configuration we have done as per the sk111733

Below is the screenshot where you able to see the VPN tunnel us up at both sides.

AWS Tunnel1.JPGCP Tunnel1.JPG


0 Kudos
mccabe
Employee
Employee
‎2024-06-28 03:43 AM
In response to kristait

Can you share an output of the routing table from the Spark?

0 Kudos
kristait
Contributor
‎2024-06-28 04:20 AM
In response to mccabe

Below is the route Table

route.JPG

0 Kudos
mccabe
Employee
Employee
‎2024-06-28 04:50 AM
In response to kristait

Thanks. Now check on the AWS side that there's a corresponding route coming back to the Spark on vpnt1

0 Kudos
kristait
Contributor
‎2024-08-05 09:13 AM
In response to mccabe

Hello, does anyone know how long the TAC team takes to resolve an issue? My ticket has been open for the last three months, but they have been unable to resolve it or provide a proper solution.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-08-12 09:32 AM
In response to kristait

Depends on the exact nature of the issue.
If you send me the SR in a PM, I can take a look. 

0 Kudos
PhoneBoy
Admin
Admin
‎2024-08-19 09:08 AM
In response to PhoneBoy

Thanks, I've reviewed the SK.

Are you using Policy Based Routing with this configuration?
If so, then this SK might apply: https://support.checkpoint.com/results/sk/sk180433 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events