--- title: "Uploading Tunnel Configuration Files" slug: "uploading-tunnel-configuration-files" updated: 2026-04-07T08:59:08Z published: 2026-04-07T08:59:08Z canonical: "support.perimeter81.com/uploading-tunnel-configuration-files" stale: true --- > ## Documentation Index > Fetch the complete documentation index at: https://support.perimeter81.com/llms.txt > Use this file to discover all available pages before exploring further. # Uploading Tunnel Configuration Files Check Point SASE Managers and Admins can import a ***Site-2-Site VPN connection configuration file.*** This will automatically populate the Check Point SASE tunnel configuration fields with the corresponding information from the remote site. This will reduce admin work by eliminating the need to populate fields manually and reduce the possibility of tunnel misconfigurations during the initial tunnel creation process. Admins can manually change the imported values after the uploading process. To upload a configuration file from the Tunnel Creation or Edit dialogue, locate the '***AWS/Azure VPN Connection Configuration File***' section under General Settings, then click the '**Upload File**' button to the right of the window: ## ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1672336568839.png) Supported Vendors and Tunnel Types - [Amazon Web Services (AWS)](/v1/docs/uploading-tunnel-configuration-files#amazon-web-services-aws) - Single Tunnel - Redundant (High-Availability) Tunnels - [Microsoft Azure](/v1/docs/uploading-tunnel-configuration-files#microsoft-azure) - Single Tunnel Redundant (High-Availability) Tunnels with AzureCurrently, the import feature is not supported for Redundant (High-Availability) Tunnels on Azure Cloud. Please follow our [Azure Redundant Tunnels - Virtual network gateway](/v1/docs/azure-redundant-tunnels-vgw) guide for manual instructions. ## Downloading the configuration file ### **Amazon Web Services (AWS)** After setting up your Site-to-Site tunnel, navigate to your **VPC** -> **Virtual Private Network (VPN)**-> **Site-to-Site VPN Connections**, and click ***Download*** to get the configuration file, ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1672337833049.png) - When exporting configuration files from AWS for a**single tunnel**, please choose the *Strongswan* format: ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1672337905314.png) - When exporting configuration files from AWS for a **redundant tunnel**,****please choose the *Generic* format: ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1672337535250.png) ### **Microsoft****Azure** After setting up your Site-to-Site tunnel, navigate to your **Virtual network gateway**, then Click **Connections.**Choose your connection with Check Point SASE and click ***Download configuration*** to get the configuration file: ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1672339477615.png) - When exporting configuration files from Azure for a**single tunnel**, please choose the *Generic Samples* format: ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1672339580585.png) ## Value extracted The *Tunnel Values* that are extracted from the configuration file include the following parameters: - **General Settings** - Shared Secret (Pre-Shared Key) - Check Point SASE Gateway internal IP - Remote Public IP - Remote ID - Remote Gateway internal IP - Remote Gateway ASN (for redundant tunnels) - **Advanced Settings**: - IKE Version - IKE Lifetime - Tunnel Lifetime - Dead Peer Detection Delay - Dead Peer DetectionTimeout - Cipher Suites (Azure Only)