https://community.checkpoint.com/t5/General-Topics/Strange-Firewall-logic-for-DHCP-discover-packets/m-p/10349#M1458 <HTML><HEAD></HEAD><BODY><P>I programmed tcpdump drivers years ago.&nbsp;</P><P>The problem is that 0.0.0.0 is used as any address in many IP stacks. The 0.0.0.0 IP address is sometimes called a wildcard address, unspecified address or INADDR_ANY.</P><P></P><P>Example:</P><P>...</P><P># define INADDR_ANY ((unsigned long int) 0x00000000)<BR />...</P><P></P><P>Therefore the address is not used as a real IP address. Furthermore, in some old IP stacks there are mathematical problems with 0.0.0.0, so it would never be allowed as real IP.</P><P>I think Check Point firewalls also intercepts the address 0.0.0.0. I would even prevent the SmartConsole software from entering the 0.0.0.0 address. But I haven't tried the input yet to see if it works.</P><P></P><P><IMG class="image-1 jive-image" height="147" src="https://community.checkpoint.com/legacyfs/online/checkpoint/72898_pastedImage_1.png" width="490" /></P><P></P><P>At R77.30 you can enter the IP 0.0.0.0. What side effects this will have:-)</P><P></P><P>Regards</P><P>Heiko</P></BODY></HTML> Fri, 26 Oct 2018 21:03:59 GMT HeikoAnkenbrand 2018-10-26T21:03:59Z https://community.checkpoint.com/t5/General-Topics/Strange-Firewall-logic-for-DHCP-discover-packets/m-p/10347#M1456 <HTML><HEAD></HEAD><BODY><P>Using R77.30 firewall we were trying to allow DHCP discover packets to our gateway which had been configured as DHCP server. We have found DHCP discover packets drop on our firewall. These packets had source IP 0.0.0.0 and destination 255.255.255.255. So, we made a permissive rule with&nbsp;&nbsp;respective source and destination and service bootp. Firewall still drops the packets. TAC recommended us to change source to any, we did it and firewall accepted those packets. On the next step I have created IP address range object with first IP 0.0.0.1 and last IP 255.255.255.255, added it to source instead of any and negated source cell. As a result - firewall accepts our DHCP discover packets. When I change first IP in range to 0.0.0.0, firewall drops DHCP discover packets. Can somebody explain, why we can not use as source host 0.0.0.0 to accept this traffic but when we exclude every IP address except 0.0.0.0 from source, it works properly?&nbsp;</P></BODY></HTML> Fri, 26 Oct 2018 07:22:14 GMT https://community.checkpoint.com/t5/General-Topics/Strange-Firewall-logic-for-DHCP-discover-packets/m-p/10347#M1456 Serhii_Yaholnyt 2018-10-26T07:22:14Z https://community.checkpoint.com/t5/General-Topics/Strange-Firewall-logic-for-DHCP-discover-packets/m-p/10348#M1457 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #101010; background-color: #ffffff;">The IP address 0.0.0.0 has several special meanings on computer networks. However, it can not be used as a general-purpose device address. Probably therefore CP don't understand the range.&nbsp;</SPAN></P><P></P><P><SPAN style="color: #101010; background-color: #ffffff;">Read more here :&nbsp;<A href="https://www.lifewire.com/four-zero-ip-address-818384">https://www.lifewire.com/four-zero-ip-address-818384</A></SPAN></P></BODY></HTML> Fri, 26 Oct 2018 09:21:25 GMT https://community.checkpoint.com/t5/General-Topics/Strange-Firewall-logic-for-DHCP-discover-packets/m-p/10348#M1457 ED 2018-10-26T09:21:25Z https://community.checkpoint.com/t5/General-Topics/Strange-Firewall-logic-for-DHCP-discover-packets/m-p/10349#M1458 <HTML><HEAD></HEAD><BODY><P>I programmed tcpdump drivers years ago.&nbsp;</P><P>The problem is that 0.0.0.0 is used as any address in many IP stacks. The 0.0.0.0 IP address is sometimes called a wildcard address, unspecified address or INADDR_ANY.</P><P></P><P>Example:</P><P>...</P><P># define INADDR_ANY ((unsigned long int) 0x00000000)<BR />...</P><P></P><P>Therefore the address is not used as a real IP address. Furthermore, in some old IP stacks there are mathematical problems with 0.0.0.0, so it would never be allowed as real IP.</P><P>I think Check Point firewalls also intercepts the address 0.0.0.0. I would even prevent the SmartConsole software from entering the 0.0.0.0 address. But I haven't tried the input yet to see if it works.</P><P></P><P><IMG class="image-1 jive-image" height="147" src="https://community.checkpoint.com/legacyfs/online/checkpoint/72898_pastedImage_1.png" width="490" /></P><P></P><P>At R77.30 you can enter the IP 0.0.0.0. What side effects this will have:-)</P><P></P><P>Regards</P><P>Heiko</P></BODY></HTML> Fri, 26 Oct 2018 21:03:59 GMT https://community.checkpoint.com/t5/General-Topics/Strange-Firewall-logic-for-DHCP-discover-packets/m-p/10349#M1458 HeikoAnkenbrand 2018-10-26T21:03:59Z https://community.checkpoint.com/t5/General-Topics/Strange-Firewall-logic-for-DHCP-discover-packets/m-p/10350#M1459 <HTML><HEAD></HEAD><BODY><P>Check Point will&nbsp;also drop your traffic if it has source or destination port defined as 0. It is done for similar reasons and for security.</P><P><A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk27109" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk27109">SmartView Tracker drop logs show "Invalid TCP packet - source / destination port 0"...</A>&nbsp;</P></BODY></HTML> Sat, 27 Oct 2018 13:39:29 GMT https://community.checkpoint.com/t5/General-Topics/Strange-Firewall-logic-for-DHCP-discover-packets/m-p/10350#M1459 AlekseiShelepov 2018-10-27T13:39:29Z