VPN with Checkpoint is not working... but I see my traffic encrypted...
I believe it's something with the VPN between our Checkpoint firewalls & Azure.
From us to Azure, I see the VPN nicely up on my side and I see data is encrypted and sent. But I have the impression that it's not the case in the other direction.
However, I see on Checkpoint the correct SAs etc., for both inbound & outbound:
Peer 168.63.16.209:
1. IKE SA <3d86de439affa8df,2fd2ee7df6d6673d>:
2. IKE SA <dfa8c8a187cfffe1,0121576b13f3c9c8>:
IPSEC sa's
Peer 168.63.16.209:
INBOUND:
1. 0xa1af28d7
2. 0xf67dc33c
OUTBOUND:
1. 0x6a34990a
2. 0x77313f26
So who on your side can manage the Azure firewall 168.63.16.209, where the site-to-site VPN is terminated, and check the logs on that device? So we can troubleshoot on both sites...
Also, I saw it connected first on the portal.
In the meantime, I made some changes to test, and it says not connected, but I still see the SAs on my side... Even when I reset all the IKE & IPsec SAs to the Azure FW and re-initiate, I again see the main mode success & SAs build up, and that traffic is encrypted.
But the portal still stays not connected then.
As already communicated to the Belgium MS team, we really would like to collaborate & help you with testing with different Checkpoint firewalls.
As you may know, in the Gartner Magic Quadrant (topic firewalls), Checkpoint is still number 1! And Palo Alto number 2...
So I believe it's a must for Microsoft to have the virtual network working with these 2 leaders in firewalls...
Can you also let me know what the SLAs are on the virtual network with firewalls / IPsec devices that are on the supported list?
Can it be that, for the moment, there is only support via this forum?
PS. I saw on
that 3DES is also supported for phase 1 & 2... Tested also with this. No difference.
But again, from my side, I don't see any issue on phase 1 & 2... I see it up on my side... :-(
Met vriendelijke groeten, Kind Regards, Salutations distinguées, Koen De Jonghe | 3rd Line BCS Line Manager | Service Delivery Center (SDC) / Back End Core Services (BCS) | Sogeti Belgium Direct +32 (0) 2 722 12 16 | Mobile +32 (0) 499 55 49 93 koen.de.jonghe@sogeti.be Avenue Jules Bordet – 160 – Jules Bordetlaan | Bruxelles – 1140 – Brussel | Belgium Office +32 (0) 2 538 92 92 | Fax +32 (0) 2 537 49 47 www.sogeti.be | www.sogeti.com