AmitS
Explorer

Site-to-Site AWS VPN not working with Central Managed SMB.

Hi Guys,

We need your expert guidance on a problem we have been struggling with for many months. The setup is as below:

Location A (DC): Central SMS with a 6200 series Cluster Gateway.

Location B (Branch): 1595 SMB appliance in Local Managed Cluster.

Working Scenario:

The branch firewall has an S2S route-based VPN with AWS Cloud, and their AWS servers are able to communicate with machines (mostly barcode printers) behind this firewall.

Non-Working Scenario:

Now the customer requirement is to manage these branch firewalls via the CMS, which is in the DC. We are able to integrate this branch firewall with the CMS and push policy, but the S2S VPN with AWS is not working; basically, traffic communication is not working, although the S2S VPN gets established. While changing the branch firewall from Local Managed to Central Managed, we just changed the management option from Local to Central and integrated it with the CMS.

We tried various ways to test this, but it didn't work. We even performed a UAT with a new interface IP on the branch FW and it was working, but with the production IP set it's not working in Central Managed mode; Locally Managed is working.

The only resort which we didn't test was formatting the branch firewall and rebuilding a fresh Central Managed cluster. Traffic initiated from Check Point to AWS is being encrypted and sent out.

Can you guide me if we are missing something over here? Also, are there any limitations on the Spark appliances in Central Managed mode for route-based VPN? I have referred to the SK of limitations, but those limitations didn't seem relevant to our case.

We have raised multiple SRs for this as well, but no solution.

Attaching snaps:

Snap of packet capture and fw monitor from the firewall, showing no traffic reaching the firewall from AWS

AmitS_0-1736767745232.png

Snap from the AWS server >> traffic not going into the tunnel from AWS

AmitS_1-1736767832362.png

@PhoneBoy 

1 Reply
PhoneBoy
Admin

For debugging VPN issues on SMB, see: https://support.checkpoint.com/results/sk/sk62482
