IPsec VPN with Checkpoint routing problems



  • I have set up two VPNs: one between a machine running pfSense 2.3.3.p1 (on AWS) and a firewall running Checkpoint R65, and the other between an appliance with pfSense 2.3.3.p1 and the same Checkpoint. Both VPNs are set up correctly and we can see that the status is UP, but our problem occurs with the pfSense in AWS, because the communication only works one way. I can only get traffic coming from pfSense and going through the Checkpoint. When the Checkpoint originates the traffic (ping or telnet), it is not possible to see packets on the interface (ipsec) or logs in pfSense; nevertheless, when the traffic originates from pfSense, communication then works in both ways for a short time.

    On the other hand, the VPN set up with the pfSense on the appliance doesn't have the problem and works in both ways.



  • The problem only happens with Checkpoint and pfSense on AWS; we have established VPNs with other third parties such as Juniper, Fortigate, Palo Alto and Cisco ASA, and those VPNs work without problems, with traffic flowing in both ways.

    On the Checkpoint side we are seeing that the traffic is sent through the tunnel, but in pfSense it is not possible to see these packets.



  • Hello,

    We have the same problem here.

    We used to have an IPsec tunnel between pfSense and Checkpoint, and two weeks ago, for no obvious reason (like a configuration change or updates), the tunnel seems to have stopped delivering traffic from Checkpoint to pfSense.

    I will attach log files as soon as possible.



  • The only way I have been able to fix the problem is with a script that pings every minute from the pfSense LAN to the Checkpoint LAN.

