topic Re: VPN/SSH connection disconnected during data transfer in Firewall and Security Management

VPN/SSH connection disconnected during data transfer

thevvk — Mon, 20 Jan 2020 07:21:33 GMT

Hi,

we are using Global VPN to connect with one of our clients to access their servers but when we are trying to transfer data through Winscp application; the SSH and global VPN getting this connected as we checked, there is no restriction from client side.

The same data transfer is working with mobile hotspot taghering but we are having a problem when we are using our company network.

In our company, we using checkpoint Firewall(5400) and we have enabled communication to client public IP in our check point access rule.

Re: VPN/SSH connection disconnected during data transfer

PhoneBoy — Tue, 21 Jan 2020 16:40:09 GMT

What version/JHF is the gateway running?
What precise troubleshooting steps have you taken so far with the results of said steps?
What do the logs on the gateway say when you attempt this communication?
Have you done any tcpdumps to verify the traffic is entering and leaving the gateway?

Re: VPN/SSH connection disconnected during data transfer

thevvk — Wed, 22 Jan 2020 05:45:51 GMT

Hi,

We are using Checkpoint Firewall 5400 in our Network.

when connecting to Global protect client VPN, we can successfully establish a session/connection. We can connect to the server and access our Server resources, available at the client-side.
We have verified with Client that all restrictions on the firewall have been removed for VPN IP(whatever IP, VPN client is getting after connecting the VPN).

Issue: After connecting to VPN, when we initiate a WinSCP connection to the same server and try to transfer any file, VPN and server connections get disconnected in the Company's private network. The same issue has been tested on a different network (mobile hotspot using USB tethering) and did not face any issues.

tried below steps:
1. Allowed communication to Client Public IP
2. Allowed communication through Separate public IP
3. Checked the Global VPN clients logs; attaching logs.
4. Checked Checkpoint Firewall logs; HTTPS(443) & UDP(4501) traffic is passing from internal LAN to Public IP.

Re: VPN/SSH connection disconnected during data transfer

PhoneBoy — Wed, 22 Jan 2020 16:55:17 GMT

I'm not understanding what your environment looks like, which makes it very difficult to suggest where to begin troubleshooting.
You're mentioning the Global Protect VPN client, which I believe is a product by Palo Alto Networks.

Please provide a network diagram of the environment in question and list software versions/JHF levels of all gateways involved including client VPN software.
You might also engage with the TAC.

Re: VPN/SSH connection disconnected during data transfer

thevvk — Wed, 22 Jan 2020 17:20:52 GMT

Hi,

We are using Global protect VPN to connect client servers which behind the client Firewall Palo alto; we are able to connect VPN also and servers are also accessible.

The problem is when we are trying to transfer data through WinSCP from our private network; global protect VPN is getting disconnected but the same data transfer we are able to do with VPN connected through Mobile hotspot(other networks).

We are using checkpoint in our private network with Gaia version 80.10

let me know if you need more info.

Re: VPN/SSH connection disconnected during data transfer

PhoneBoy — Wed, 22 Jan 2020 17:44:06 GMT

R80.10 at what JHF level?

Have you done any packet captures on your gateway (ingress and egress) to see what the traffic looks like as it traverses the gateway?
It may or may not be related to the Check Point gateway at all.
Also, it might be worth engaging with PAN's support on this to see what is causing the Global Protect client to disconnect.

Re: VPN/SSH connection disconnected during data transfer

thevvk — Wed, 22 Jan 2020 18:10:29 GMT

Hi,

I checked the logs in our gateway; 443 and 4501 ports traffic is passing.

yes, might be it's not related to Checkpoint gateway but we are facing this issue only with our network, with other networks, it's is working fine.

as we checked with the Palo alto team(client), there is no restriction for the VPN IP.

Re: VPN/SSH connection disconnected during data transfer

Jerry — Wed, 22 Jan 2020 19:37:24 GMT

MTU mismatch somewhere ?

Re: VPN/SSH connection disconnected during data transfer

PhoneBoy — Wed, 22 Jan 2020 22:50:01 GMT

Right, which is why I'm suggesting packet captures with tcpdump, fw monitor, or some other mechanism.
If it's an MTU issue like Jerry says, packet captures will bear that out.

Re: VPN/SSH connection disconnected during data transfer

thevvk — Thu, 23 Jan 2020 04:52:24 GMT

Hi,

I have captured the packet, only 443 and 4501 traffic is showing there.

Re: VPN/SSH connection disconnected during data transfer

Jerry — Thu, 23 Jan 2020 07:47:04 GMT

it doesn't really matter what tcp or udp port traffic you capture just show us something or analyze yourself what's wrong with the flow 🙂

little hint:

https://forums.clavister.com/viewtopic.php?t=11915

Re: VPN/SSH connection disconnected during data transfer

PhoneBoy — Thu, 23 Jan 2020 19:41:23 GMT

Precisely how did you capture the traffic?
Did you do packet captures on both the ingress and egress of the gateway?
Did you compare them to see that they're the same?
If they're the same, the problem may be upstream of your gateway.