You don't mention this but just in case: Make sure that the source/destination check for your firewall instance is disabled as per our documentation for NAT instances.
Second: You can see where packets are being routed in a VPC by using VPC Flow Logs.
Third: VPC is an overlay network so doesn't necessarily behave quite the way that an on-premises network will. A good thing to watch here is "Another Day, Another Billion Flows" but because that takes time - one of the things that happens in a VPC is that the flow path is cached so when you change routes you may not see the packets flow along that "new" route immediately. You might try stopping the existing ping or try sending ICMP echo requests to another destination.
Thank you for the response. The NAT instances link is helpful. On the old FW I have src/dst check stopped, however, on the new FW it is not stopped (like I said, it's been a while!). I will stop the src/dst check and try tomorrow morning AEST as I have a handful of users now logged on. Thanks again! :-)
For testing purposes I added a new route for my public home IP address with target of the new firewall and deployed a new Windows instance. It is working! Happy days.
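The answer's suggestion to trace the packet path with VPC Flow Logs, as an added example that is not part of the original thread: it parses records in the default (version 2) flow log format and reports which network interfaces logged the ICMP test traffic and in what role. The sample records, ENI IDs, account ID, addresses and the ENI-to-IP mapping are all constructed for illustration.

```python
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records; every ID and address here is made up.
SAMPLE = """\
2 123456789012 eni-0aaa0000000000001 10.0.1.25 203.0.113.10 0 0 1 4 336 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0bbb0000000000002 10.0.1.25 203.0.113.10 0 0 1 4 336 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0ccc0000000000003 10.0.2.7 10.0.1.25 49152 3389 6 10 840 1700000000 1700000060 REJECT OK
2 123456789012 eni-0ccc0000000000003 - - - - - - - 1700000060 1700000120 - NODATA
"""

def parse(text):
    """Yield one dict per record, skipping NODATA/SKIPDATA and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] == "OK":
            yield rec

def icmp_path(text, dst, eni_ips):
    """Map each ENI that logged ICMP (protocol 1) towards dst to
    (role, actions, packets). Role is 'transit' when neither address in the
    record is the ENI's own IP, i.e. the interface is forwarding the traffic."""
    seen = defaultdict(lambda: ["unknown", set(), 0])
    for r in parse(text):
        if r["protocol"] != "1" or r["dstaddr"] != dst:
            continue
        entry = seen[r["interface_id"]]
        own = eni_ips.get(r["interface_id"])
        if own is not None:
            entry[0] = "endpoint" if own in (r["srcaddr"], r["dstaddr"]) else "transit"
        entry[1].add(r["action"])
        entry[2] += int(r["packets"])
    return {eni: (role, sorted(acts), pkts) for eni, (role, acts, pkts) in seen.items()}

if __name__ == "__main__":
    # Assumed mapping of ENI -> primary private IP (test instance, a firewall).
    ips = {"eni-0aaa0000000000001": "10.0.1.25", "eni-0bbb0000000000002": "10.0.0.5"}
    for eni, info in icmp_path(SAMPLE, "203.0.113.10", ips).items():
        print(eni, *info)
```

If the new firewall's ENI never shows up with the role `transit` for the test destination, the traffic is not reaching it along the route being tested.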