Port re-use issue on R80.20

Muazzam — Mon, 30 Aug 2021 15:55:34 GMT

Hardware: 13800 or 23500
OS: GAIA R80.20 T103 or T161
Blades: Only FW

Overall utilization of the firewall is low, throughput around 100-200 Mbps, cores mostly in single digits.
Interface drops: Some drops but less than 0.001%

We have similar issues on multiple firewalls but not able to find any clear SK on our issue.
What we found is that firewall use the same NAT source port before a previous connection has completely expires and this cause a drop on the vendor side among other symptoms we have seen.

There are other factors that we are considering as the traffic goes from end-user to proxy to load balancer, multiple NAT's involved, finally traffic goes to out to the external vendor.

Just wondering if anyone has seen the port NAT source port re-use issue?
I heard that R80.40 works in a different way for allocating the NAT ports?

Re: Port re-use issue on R80.20

the_rock — Mon, 30 Aug 2021 17:58:01 GMT

I have a feeling below might be your solution...but if not, you may wish to contact TAC possibly and confirm.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk24960

Re: Port re-use issue on R80.20

Muazzam — Mon, 30 Aug 2021 20:50:05 GMT

The SK looks related to this issue.

topic Re: Port re-use issue on R80.20 in Firewall and Security Management

Port re-use issue on R80.20

Re: Port re-use issue on R80.20

Re: Port re-use issue on R80.20