https://community.checkpoint.com/t5/Firewall-and-Security-Management/NEW-RADIUS-traffic-drop/m-p/61861#M4736 <P>Dear all,</P><P>First of all - I am no checkpoint guru so there could be something elementary that I've missed. But, I'm configuring EAP-TLS communication between my WLC (Cisco) &amp; RADIUS (NPS in DMZ).&nbsp;Please note the object is referencing the DMZ IP-address. I've created a rule for NEW-RADIUS traffic between the two objects to accept traffic, but I can still see drops.&nbsp;</P><P>1. From the Smartconsole in the 'Logs &amp; Monitor' section I notice that the drop is missing a reference to a specific rule.&nbsp;</P><P>2. When I enabled ICMP echo-request the behaviour was the same, dropped traffic without a reference to a access rule.&nbsp;</P><P>&nbsp;</P><P>If you have any tips, suggestions or if you need additional information - please let me know <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>I'll await your kind reply,</P><P>TB</P> Wed, 04 Sep 2019 13:21:50 GMT Brander 2019-09-04T13:21:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NEW-RADIUS-traffic-drop/m-p/61861#M4736 <P>Dear all,</P><P>First of all - I am no checkpoint guru so there could be something elementary that I've missed. But, I'm configuring EAP-TLS communication between my WLC (Cisco) &amp; RADIUS (NPS in DMZ).&nbsp;Please note the object is referencing the DMZ IP-address. I've created a rule for NEW-RADIUS traffic between the two objects to accept traffic, but I can still see drops.&nbsp;</P><P>1. From the Smartconsole in the 'Logs &amp; Monitor' section I notice that the drop is missing a reference to a specific rule.&nbsp;</P><P>2. When I enabled ICMP echo-request the behaviour was the same, dropped traffic without a reference to a access rule.&nbsp;</P><P>&nbsp;</P><P>If you have any tips, suggestions or if you need additional information - please let me know <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>I'll await your kind reply,</P><P>TB</P> Wed, 04 Sep 2019 13:21:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NEW-RADIUS-traffic-drop/m-p/61861#M4736 Brander 2019-09-04T13:21:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NEW-RADIUS-traffic-drop/m-p/61897#M4739 Double-clicking the relevant log entry and looking at further details may explain why it's being dropped. Wed, 04 Sep 2019 17:55:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NEW-RADIUS-traffic-drop/m-p/61897#M4739 PhoneBoy 2019-09-04T17:55:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NEW-RADIUS-traffic-drop/m-p/62025#M4742 <P>Dear PhoneBoy,<BR />Is there something special I should keep an eye out for?&nbsp;</P><P>I guess something weird is the 'Message information':&nbsp;Address spoofing.</P><P>&nbsp;</P><P>The source and destination is two different subnets, without a specific route enabled. Is this a requirement?&nbsp;</P><P>&nbsp;</P> Fri, 06 Sep 2019 10:15:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NEW-RADIUS-traffic-drop/m-p/62025#M4742 Brander 2019-09-06T10:15:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NEW-RADIUS-traffic-drop/m-p/62080#M4748 It should also be logged against Rule 0, which is an implied rule.<BR />Anti-spoofing is exactly why the traffic is being dropped, and you need to fix that.<BR />This may mean adding routes, changing the gateway object configuration, or both.<BR /><A href="https://community.checkpoint.com/t5/General-Topics/A-Primer-on-Anti-Spoofing/m-p/23042" target="_blank">https://community.checkpoint.com/t5/General-Topics/A-Primer-on-Anti-Spoofing/m-p/23042</A> Fri, 06 Sep 2019 15:41:24 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NEW-RADIUS-traffic-drop/m-p/62080#M4748 PhoneBoy 2019-09-06T15:41:24Z