The NAT issue on CP firewall deployed in the Azure

This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.

Reject

Preferences

ABOUT CHECKMATES & FAQ Sign In

Products
Learn
Local User Groups
Partners
- Welcome Partners!
More

Products
Learn
Local User Groups
- Upcoming Events
- Americas
- EMEA
- APAC
  - Korea
  - Mongolia
  - Bangalore
  - Greater China
  - Australia/New Zealand
  - Philippines
  - Japan
  - Singapore
  - India
  - Thailand
  - Taiwan
  - Hong Kong
  - Indonesia
Partners
- Welcome Partners!
More
ABOUT CHECKMATES & FAQ
- About CheckMates & FAQ
- Community Guidelines
Sign In
Leaderboard
Events

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

May the 4th (+4)
Navigating Paradigm Shifts in Cyber

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

CheckMates
:
Products
:
CloudMates Products
:
Cloud Network Security
:
Discussion
:
The NAT issue on CP firewall deployed in the Azure

Options

Subscribe to RSS Feed
Mark Topic as New
Mark Topic as Read
Float this Topic for Current User
Bookmark
Subscribe
Mute
Printer Friendly Page

cancel

Turn on suggestions

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for

Search instead for

Did you mean:

Are you a member of CheckMates?

Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!

Krishna

Participant

‎2019-06-17 09:09 AM

Mark as New
Bookmark
Subscribe
Mute
Subscribe to RSS Feed
Permalink
Print
Report Inappropriate Content

The NAT issue on CP firewall deployed in the Azure

We have built tunnel between the CP firewall (FW1) in Azure and CP firewall(FW2) in On-Primese.

The FW1 is a cluster and has two gateways in it. IP of gateway 1 is 10.10.10.4, IP of gateway 2 is 10.10.10.5 and IP of Cluster is 10.10.10.6. Gateway 1 is active

The tunnel initiation traffic/Phase 1 traffic is sent by the FW2 from port 500 to port 500 of FW 1.

We have done packet capture on the gateway 1 of FW1 and found that the the FW1 is receiving the traffic on cluster IP sent by the FW2, both source and destination ports are 500.

The gateway1 of the FW1 is replying to the FW2 from port 500 to port 500 of FW2

In the next packet while the gateway 1 IP is getting translated to the cluster IP i.e, from 10.10.10.4 to 10.10.10.6 the source port is also getting translated from port 500 to random port. Below are the logs collected from gateway 1

[vs_0][fw_0] eth0:o[180]: X.X.X.X -> 10.10.10.6 (UDP) len=180 id=20396
UDP: 500 -> 500
[vs_0][fw_0] eth0:o[180]: 10.10.10.4 -> X.X.X.X (UDP) len=180 id=10087
UDP: 500 -> 500
[vs_0][fw_0] eth0:O[180]: 10.10.10.6 -> X.X.X.X (UDP) len=180 id=10087
UDP: 12410 -> 500

Due to this the phase 1 of the tunnel is not getting established and the tunnel is not forming. Kindly provide a solution to this.

0 Kudos