topic Re: Return traffic from an internal server is directed to public NAT WAN ip in Firewall and Security Management

Return traffic from an internal server is directed to public NAT WAN ip

COE_JW — Sat, 19 Nov 2022 01:42:26 GMT

I have a growing number of situations where I am running into this issue where a internal machine is able to reach out but returning traffic destination is showing dropped at my external ip.

I have attached an image of the allowed traffic out, and the drop on my public.

I am curious if the issue may be related to sk114395
Automatic creation of Proxy ARP for Manual NAT rules on Security Gateway
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk114395

In my other instances where i see similar issues, with users attempting to authenticate to a web too out side of our org
and the users browser is redirected back to our public ip as well.
I worked with TAC in the past regarding this issue but did not make any progress.
Working with a consultant on upgrading our blades from 80.30 to 81.10 took a moment and we did see a little improvement adding an entry to the proxy arp on the blade. But the issue continues.

Any thoughts or suggestions regarding this would be much appreciated.
This hat was handed to me due to the primary leaving the org, please bare with my experience.

- J

Re: Return traffic from an internal server is directed to public NAT WAN ip

_Val_ — Sat, 19 Nov 2022 10:40:58 GMT

What is the drop reason? Cannot find it in the log

Re: Return traffic from an internal server is directed to public NAT WAN ip

Chris_Atkinson — Sat, 19 Nov 2022 11:31:09 GMT

Does all the correct routing back to the source exist?

With your NAT policy are there differences between a source network that works vs one that doesn't?

Re: Return traffic from an internal server is directed to public NAT WAN ip

Vladimir — Sat, 19 Nov 2022 16:10:21 GMT

@COE_JW , please advise if:

1. you are using automatic or manual NAT for the source object.

2. there are other source objects present with duplicate IPs.

Additionally, in your screenshot, the packet being dropped is RST-ACK. If session has already timed-out (on Check Point), this will be the expected behavior.

Re: Return traffic from an internal server is directed to public NAT WAN ip

Bryan-Smith — Wed, 18 Jan 2023 14:23:43 GMT

@COE_JW I'm with @Vladimir . It appears as though the connection has timed out. Is it just the Azure App Service Migration tool that is having this issue?