AnsweredAssumed Answered

Route Azure internet traffic via VPN to on-premises firewall

Question asked by Sarvesh Chougule on Jan 3, 2019

Hi All,


I have setup a VPN between Azure and our on-premises Checkpoint cluster. The VPN is up and working fine.

Now we are trying to route all internet bound traffic from Azure subnets via the on-prem firewalls for inspection and auditing. I have setup the route-based vpn i.e. Gateway-to-Gateway tunnel management in Checkpoint and can see that the internet traffic hits the Checkpoint firewall on premises.

However this traffic is being dropped with the error "According to the policy this packet should not be decrypted".


Has anyone faced this issue with forced tunneling?


I have referred to sk101275 and microsoft link below for setting up the VPN:

Configure forced tunneling for Azure Site-to-Site connections: Resource Manager | Microsoft Docs 


Thanks in Advance,