Troubleshooting outbound traffic

Sam_Ponder — Wed, 08 Feb 2023 16:43:55 GMT

So troubleshooting outbound traffic to a single IP...

I can ping from the gateway just fine.

when doing a fw mon i get the following..

[Expert@IndyFWb:0]# fw monitor -e "accept host(192.147.37.210) and host(10.1.9.29) and ip_p=1;"

[vs_0][fw_0] bond3:i[44]: 10.1.9.29 -> 192.147.37.210 (ICMP) len=60 id=44783
ICMP: type=8 code=0 echo request id=1 seq=608
[vs_0][fw_0] bond3:i[44]: 10.1.9.29 -> 192.147.37.210 (ICMP) len=60 id=44784
ICMP: type=8 code=0 echo request id=1 seq=609
[vs_0][fw_0] bond3:i[44]: 10.1.9.29 -> 192.147.37.210 (ICMP) len=60 id=44785
ICMP: type=8 code=0 echo request id=1 seq=610
[vs_0][fw_0] bond3:i[44]: 10.1.9.29 -> 192.147.37.210 (ICMP) len=60 id=44786
ICMP: type=8 code=0 echo request id=1 seq=611

I have a rule that allows it as you can see below...

[Expert@IndyFWb:0]# fw up_execute src=10.1.9.29 dst=192.147.37.210 ipp=1
Rulebase execution ended successfully.
Overall status:
----------------
Active clob mask: 0
Required clob mask: 0
Match status: MATCH
Match action: Accept

Per Layer:
------------
Layer name: MainFWPol Network
Layer id: 0
Match status: MATCH
Match action: Accept
Matched rule: 1

fw ctl zdebug drops do not report any drops...

What are some next steps to try and determine why the traffic isn't leaving the gateway?

Trying to do some more troubleshooting before opening a case with Checkpoint support. Also want to be sure it isn't something simple.

Re: Troubleshooting outbound traffic

Sam_Ponder — Wed, 08 Feb 2023 17:20:24 GMT

well... more digging into it and got it figured out. It was a NAT issue and a fault on my config.

and if anyone else comes across this... I looked at the log entry in the smart app. and noticed it was trying to NAT to the incorrect network. Which got me to look at that nat rule and discovered my error in config.

topic Troubleshooting outbound traffic in Firewall and Security Management

Troubleshooting outbound traffic

Re: Troubleshooting outbound traffic