Secure outgoing Internet connections for VPC Instances in AWS

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk94050
Technical Level
Product	vSEC for AWS
Version	R75 (EOL), R75.40 (EOL)
OS	SecurePlatform, Gaia
Platform / Model	AWS
Date Created	11-Sep-2013
Last Modified	04-Aug-2016

Solution

In order to secure connections from a VPC instance in AWS to any IP address that is not part of your VPC CIDR, the Security Gateway should be configured to "Hide NAT" the instance you wish to secure.

Follow these steps:

Step 1: In AWS

Configure the route table, for the subnet that includes the network interface you wish to secure, to route all traffic that is external to the VPC to the Check Point virtual appliance. (0.0.0.0/0 - Gateway).
Do not configure an Elastic IP address for the VPC instance you wish to secure.

Step 2: In SmartDashboard

Configure the following NAT rule:
Assuming that:
- The Security Gateway's private IP address is: 10.0.0.10
- The VPC Instance's private IP address is: 10.0.2.40
ORIGINAL PACKET TRANSLATED PACKET INSTALL ON

SOURCE DESTINATION SERVICE SOURCE DESTINATION SERVICE

10.0.2.40 Any Any 10.0.0.10 = Original = Original Security Gateway
object
Install policy on the Security Gateway.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

This solution is about products that are no longer supported and it will not be updated

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating