Secure outgoing Internet connections for VPC Instances in AWS
Solution

In order to secure connections from a VPC instance in AWS to any IP address that is not part of your VPC CIDR, the Security Gateway should be configured to "Hide NAT" the instance you wish to secure.

Follow these steps:

Step 1: In AWS

  1. Configure the route table of the subnet that contains the network interface you wish to secure so that all traffic external to the VPC is routed to the Check Point virtual appliance (0.0.0.0/0 - Gateway).

  2. Do not configure an Elastic IP address for the VPC instance you wish to secure.

Step 2: In SmartDashboard

  1. Configure the following NAT rule:

    Assuming that:
    • The Security Gateway's private IP address is: 10.0.0.10
    • The VPC Instance's private IP address is: 10.0.2.40
    Original Packet:    Source: 10.0.2.40   Destination: Any          Service: Any
    Translated Packet:  Source: 10.0.0.10   Destination: = Original   Service: = Original
    Install On:         Security Gateway object
  2. Install policy on the Security Gateway.
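The following is an added illustration, not part of this SecureKnowledge article or Check Point's software: it models the two pieces the steps above combine, the AWS subnet route table (longest prefix match, so the VPC's local route wins over 0.0.0.0/0) and the Hide NAT rule, using the article's 10.0.0.10 and 10.0.2.40 addresses. The VPC CIDR (10.0.0.0/16), the ENI target name and the instance records are constructed assumptions.

```python
import ipaddress

# Addresses from the article; the VPC CIDR is an assumption the article does not state.
VPC_CIDR = "10.0.0.0/16"
GATEWAY_IP = "10.0.0.10"   # Security Gateway private IP
INSTANCE_IP = "10.0.2.40"  # VPC instance private IP

# Step 1 route table: the VPC's local route plus 0.0.0.0/0 pointing at the gateway's
# network interface. The ENI id is a constructed placeholder, not a real AWS identifier.
ROUTE_TABLE = [
    {"cidr": VPC_CIDR, "target": "local"},
    {"cidr": "0.0.0.0/0", "target": "eni-PLACEHOLDER"},
]

# Step 2 Hide NAT rule: only the source is translated; destination and service stay original.
NAT_RULE = {"src": INSTANCE_IP, "xlate_src": GATEWAY_IP}


def next_hop(dst: str) -> str:
    """AWS route lookup: the most specific matching route wins, so intra-VPC stays local."""
    d = ipaddress.ip_address(dst)
    matches = [r for r in ROUTE_TABLE if d in ipaddress.ip_network(r["cidr"])]
    best = max(matches, key=lambda r: ipaddress.ip_network(r["cidr"]).prefixlen)
    return best["target"]


def egress_source(src: str, dst: str) -> str:
    """Source address the destination sees after routing and, via the gateway, Hide NAT."""
    if next_hop(dst) == "local":
        return src  # never reaches the gateway, so the NAT rule does not apply
    if src == NAT_RULE["src"]:
        return NAT_RULE["xlate_src"]  # hidden behind the gateway's private IP
    return src  # no rule matched: traffic is not hidden behind the gateway


def check_instance(instance: dict) -> list:
    """Step 1 sanity checks on a constructed describe-instances style record."""
    problems = []
    if instance.get("PublicIpAddress"):
        problems.append("instance has a public/Elastic IP; remove it so egress uses the gateway")
    if not next_hop("198.51.100.1").startswith("eni-"):  # constructed external test address
        problems.append("subnet route table does not send 0.0.0.0/0 to the gateway interface")
    return problems
```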

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
