AnsweredAssumed Answered

Managing r80.10 AWS vSEC from On-Prem SMS via existing VPN

Question asked by Vladimir Yakovlev on Sep 22, 2017
Latest reply on Sep 25, 2017 by Dameon Welch Abernathy

Experts,

 

Please chime-in: I have a pre-existing VPC on AWS with On-Prem CheckPoint to VPG dual-tunnel VPN in place.

Now the client wants to expand his security in VPC by introducing Check Point R80.10 vSEC gateway for both: outbound and inbound connections to and from Internet.

 

I have no problem deploying vSEC with two NICs, ammending the routing tables and security groups as well as establishing SIC.

First policy push, no changes to the policy, just vSEC object present, brakes it all.

Additionally, the on-prem SMS to AWS Data Center connection (using Access Key ID and Secret Access Key), does not work via pre-established VPN. It requires SMS to access this data from the Internet only.

 

I cannot be the only one in this situation, it seems pretty common topology to be unique.

 

Any suggestions?

Outcomes