I have setup a VPN between Azure and our on-premises Checkpoint cluster. The VPN is up and working fine.
Now we are trying to route all internet bound traffic from Azure subnets via the on-prem firewalls for inspection and auditing. I have setup the route-based vpn i.e. Gateway-to-Gateway tunnel management in Checkpoint and can see that the internet traffic hits the Checkpoint firewall on premises.
However this traffic is being dropped with the error "According to the policy this packet should not be decrypted".
Has anyone faced this issue with forced tunneling?
I have referred to sk101275 and microsoft link below for setting up the VPN:
Thanks in Advance,