This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
natureson
Explorer
‎2019-10-04 02:16 AM
Jump to solution

PPPoE connection problem (CP3200)

Hi Mates,

I have a problem with PPPoE connection to ISP on my CP3200 HW appliance. Everything`s work fine on Cisco router with these settings:

interface Dialer1

mtu 1492

ip address negotiated

ip mtu 1480

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname ******@***

ppp chap password 0 ****

ip virtual-reassembly

interface GigabitEthernet0/0/0.20

encapsulation dot1Q 20

ip address 192.168.*.1 255.255.255.0

ip nat inside

ip tcp adjust-mss 1196 (*non standart value, but provided from ISP and works fine)

ip ospf 1 area 4

ip virtual-reassembly

As you can see we`ve set required parameteres (such as adjust-mss and MTUs) and this is working fine on Cisco router, but i need to connect my ISP connection directly to CP3200. I`ve created PPPoE interface and it is connecting normally but the issue is that clients doesn`t have Web access, only pings (ICMP) works fine. Currently we don`t have any stricts in policy it just set to Allow all, and we use typical ethernet interface facing to Internet everythings work but not with PPPoE. So, how i can adjust mss values on interfaces to make HTTP sessions establishing normally.

 

Thank you very much.

0 Kudos
2 Solutions

Accepted Solutions
Tom_Hinoue
Advisor
Advisor
‎2019-10-06 05:04 AM
Jump to solution

Have you tried disabling SecureXL?
You can try disabling it with [fwaccel off] command from clish to test it out on the fly.

AFAIK, PPPoE interfaces are not not supported with SecureXL. (though SXL should automatically be disabled on ppp interfaces...)

ATRG: SecureXL for R80.10 and below
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

ATRG: SecureXL for R80.20 and above
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

View solution in original post

6 Replies
PhoneBoy
Admin
Admin
‎2019-10-04 09:36 PM
Jump to solution

To adjust the MSS, see: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Wolfgang
Authority
Authority
‎2019-10-05 12:23 PM
Jump to solution

Natureson,

the solution mentioned by Dameon really solves your problem with PPPoE.

Please be aware of the different settings for the different release versions !

Wolfgang

0 Kudos
Tom_Hinoue
Advisor
Advisor
‎2019-10-06 05:04 AM
Jump to solution

Have you tried disabling SecureXL?
You can try disabling it with [fwaccel off] command from clish to test it out on the fly.

AFAIK, PPPoE interfaces are not not supported with SecureXL. (though SXL should automatically be disabled on ppp interfaces...)

ATRG: SecureXL for R80.10 and below
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

ATRG: SecureXL for R80.20 and above
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

natureson
Explorer
‎2019-10-08 01:40 AM
In response to Tom_Hinoue
Jump to solution

Thank you very much, now it looks like my problem solved.

0 Kudos
khadao
Explorer
‎2020-02-05 01:10 AM
In response to Tom_Hinoue
Jump to solution

After I try disabling it with [fwaccel off] command , i can access some website. I can't access all website. 

0 Kudos
Tom_Hinoue
Advisor
Advisor
‎2020-02-18 08:16 PM
In response to khadao
Jump to solution

If that happens with certain websites, then try adjusting the MTU/MSS with your ISP as PhoneBoy and Wolfgang suggested above. It should help you.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events