This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
J_Saun
Contributor
‎2020-01-14 09:56 AM
Jump to solution

Firewall not forwarding traffic - policy unloaded

We have a 5000 series appliance that has not been added to a management station yet. In order to permit traffic through temporarily while we build other components we issues the 'fw unloadlocal' command. When we try to route through the firewall (using ping from a src outside one int and destined for a host on a different int) we see it get processed on the inbound interface (little i and big I) but it never leaves the destination interface.

We have verified we can ping the destination and that a route exists.

With the policy unloaded AND the firewall not being part of a management station would it not just act as a router and process traffic? Is there a debug command that can tell us whats going on?

0 Kudos
1 Solution

Accepted Solutions
Maarten_Sjouw
Champion
Champion
‎2020-01-14 10:00 AM
Jump to solution

Nope, when the policy is unloaded there is no forwarding. It is then just a simple Linux host, not a router.

After searching for this I found this CPUG entry that says to issue the following command to reanble IP forwading:

echo 1 > /proc/sys/net/ipv4/ip_forward

Thanks Tim.

 

Regards, Maarten

View solution in original post

2 Replies
Maarten_Sjouw
Champion
Champion
‎2020-01-14 10:00 AM
Jump to solution

Nope, when the policy is unloaded there is no forwarding. It is then just a simple Linux host, not a router.

After searching for this I found this CPUG entry that says to issue the following command to reanble IP forwading:

echo 1 > /proc/sys/net/ipv4/ip_forward

Thanks Tim.

 

Regards, Maarten
J_Saun
Contributor
‎2020-01-14 10:23 AM
In response to Maarten_Sjouw
Jump to solution

Thanks! That was it. Traffic is being forwarded now.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top