How to set up a basic AWS vSEC with a VPN back to the home office?

Question asked by Sal Bonaccorso on Jun 26, 2017
Latest reply on Jun 30, 2017 by Dameon Welch-Abernathy

We have been having major difficulties setting up the most basic configuration for our office. We have spoken to 5 Check Point engineers over 3 weeks and still have not been able to get the firewall online.

Here is the layout and the request:

We have a central office that we VPN from to the AWS Check Point vSEC device. We have 1 server in AWS in our VPC.

We are trying to have all traffic coming into the VPC from our office go through the firewall, and any traffic leaving the VPC go through the firewall as well.

The issue we have is a routing issue. We seem to not be able to get both the server and the firewall to talk back to our central office. We can see the firewall and push policies, but cannot see the server behind it. In order for the vSEC device to get to the internet, there has to be a static route to the internet gateway in your VPC, and then we place our internal subnets pointing to the interface on the vSEC device.

The traffic will go to the firewall, but never come back to the office. No pings, nothing. Like a black hole. All the rules are wide open.

I don't understand how the most simple AWS VPC deployment has brought a vSEC to its knees and no one can figure this out...
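The symptom above (traffic reaches the firewall but replies never return to the office) is decided on the AWS side by whichever route table is attached to the server's subnet, not by the firewall policy. The following is an added example, not code from the original post or from Check Point: a small Python model of a VPC route table doing longest-prefix match, used to trace where the server's reply to an office host ends up under three different tables. The VPC CIDR, office CIDR, interface and gateway identifiers are assumed placeholders, as is the assumption that the office LAN uses private addressing. The model also encodes one AWS rule worth checking in this situation: an ENI used as a route target drops packets that are neither from nor to its own address unless source/destination checking is disabled on it. What the model does not cover is the vSEC's own half of the job (routing or encrypting the office prefix into the VPN tunnel); it only shows whether the packet gets as far as the firewall.

```python
import ipaddress

# Added example, not part of the original post. Every CIDR and identifier
# below is an assumed placeholder, not a value taken from the thread.
VPC_CIDR = "10.0.0.0/16"          # assumed VPC range
OFFICE_CIDR = "192.168.10.0/24"   # assumed central-office LAN behind the VPN
FW_ENI = "eni-vsec-internal"      # placeholder id: vSEC's VPC-facing interface
IGW = "igw-placeholder"           # placeholder id: the VPC internet gateway
LOCAL = "local"                   # AWS's implicit intra-VPC route target


def next_hop(route_table, dst):
    """Longest-prefix match over (cidr, target) pairs, as a VPC route table does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def reply_path(server_rt, dst, fw_src_dst_check=True):
    """Describe where a reply from the server to `dst` ends up.

    fw_src_dst_check: whether source/destination checking is still enabled
    on FW_ENI. AWS drops packets forwarded to an ENI that is neither their
    source nor their destination unless that check has been disabled.
    """
    hop = next_hop(server_rt, dst)
    if hop is None:
        return "no route"
    if hop == LOCAL:
        return "delivered inside the VPC"
    if hop == IGW:
        # An internet gateway has no path to a private (RFC 1918) office LAN.
        if ipaddress.ip_address(dst).is_private:
            return "black hole: private destination handed to IGW"
        return "sent to internet via IGW"
    if hop == FW_ENI:
        if fw_src_dst_check:
            return "black hole: ENI drops forwarded packet (source/dest check on)"
        return "forwarded to vSEC for VPN to office"
    return f"unknown target {hop}"


# Table 1 (assumed): the main route table a subnet inherits if nothing else
# is associated with it. Office replies match only the default route.
MAIN_RT = [(VPC_CIDR, LOCAL), ("0.0.0.0/0", IGW)]

# Table 2: what the server's subnet needs so that everything leaving the VPC,
# office replies included, is handed to the firewall interface.
SERVER_RT = [(VPC_CIDR, LOCAL), (OFFICE_CIDR, FW_ENI), ("0.0.0.0/0", FW_ENI)]

# Table 3: the firewall's own subnet, which needs the IGW for the VPN endpoint.
FW_SUBNET_RT = [(VPC_CIDR, LOCAL), ("0.0.0.0/0", IGW)]


def demo():
    """Trace the same office ping reply through each table; returns a dict of outcomes."""
    office_host = "192.168.10.25"   # assumed office workstation pinging the server
    return {
        "server_on_main_rt": reply_path(MAIN_RT, office_host),
        "server_rt_check_on": reply_path(SERVER_RT, office_host, fw_src_dst_check=True),
        "server_rt_check_off": reply_path(SERVER_RT, office_host, fw_src_dst_check=False),
        "fw_subnet_to_internet": reply_path(FW_SUBNET_RT, "8.8.8.8"),  # arbitrary public address
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Two things to verify in the console when the symptom is "reaches the firewall, never comes back": which route table is actually associated with the server's subnet (a subnet with no explicit association silently uses the main table, which is Table 1 above), and whether source/destination checking is disabled on the vSEC interface that the routes point at (`aws ec2 describe-network-interface-attribute --network-interface-id <id> --attribute sourceDestCheck`; it can be cleared with `aws ec2 modify-network-interface-attribute --network-interface-id <id> --no-source-dest-check`).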