This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
skandshus
Advisor
Advisor
‎2021-05-27 08:46 AM
Jump to solution

Port redirection not working?

So im having quite some issues regarding opening ports/creating nat rules for when i need to remotely access inside ressources on their default port, but using a different remote port.

 

 

Example down below:

Trying to access a Terminal-Server. where the usual port 3389 is not available. so its due to hit on port 8889 and then be translated to the inside server at port 3389.

When i check the firewall rule, traffic is allowed and i can also see hits, but nothing ever responds when trying to access it "outside"

 

 

0 Kudos
1 Solution

Accepted Solutions
skandshus
Advisor
Advisor
‎2021-05-27 01:10 PM
In response to skandshus
Jump to solution

i think ive managed to find the issue.
as soon as i renamed the object with fewer characters it started working

 

 

After renaming the object from 17 Character to a few and pushed policy the NAT rule started working correctly 
thank you for the help everyone 🙂

View solution in original post

12 Replies
the_rock
MVP Diamond
MVP Diamond
‎2021-05-27 09:08 AM
Jump to solution

Seems like rule is being hit, if you do fw monitor, do you even see traffic working? Have you tried disabling securexl?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
skandshus
Advisor
Advisor
‎2021-05-27 09:37 AM
In response to the_rock
Jump to solution

Since I am still in the learning phase of checkpoint I do not know what secureXL is.. and I see see it’s being hit.. if I do a wire shark capture on the terminal server then nothing arrives at it unless it’s local traffic.. so for some reason my GW isn’t forwarding the traffic..

 

btw what is fw monitor?

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2021-05-27 09:43 AM
In response to skandshus
Jump to solution

This would be good place to check on it if you are not familiar, but in essence, its supposed to accelerate the traffic:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

In some cases, it could cause traffic issues, so one way to confirm, would be if you run fwaccel off on the gateways and then test again, no need to push the policy. To turn it back on, just run fwaccel on

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
skandshus
Advisor
Advisor
‎2021-05-27 10:16 AM
In response to the_rock
Jump to solution

Turning off SecureXL didnt make a difference 😞

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2021-05-27 10:24 AM
In response to skandshus
Jump to solution

 Ok, try this...fe ctl zdebug + drop | grep 3389

 

Message me privately, lets do remote later on.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
skandshus
Advisor
Advisor
‎2021-05-27 10:26 AM
In response to the_rock
Jump to solution

THANK YOU!!!
Ill fire off the command NOW

0 Kudos
skandshus
Advisor
Advisor
‎2021-05-27 10:51 AM
In response to skandshus
Jump to solution

And i've also sent you a private message

0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2021-05-27 11:51 AM
Jump to solution

Did you allow both IPs (original and translated destination) in your rule?

Are you aware of the returning packets, they should be NATed to seen external with the external IP. 
And at last, has your terminalserver a route through the gateway to access the external world?

0 Kudos
skandshus
Advisor
Advisor
‎2021-05-27 12:44 PM
In response to Wolfgang
Jump to solution

Hi Wolfgang.
about the retur packet.. would you care to show me an example by using the attached picture i had in the original topic?
I should have nat return though, but i could have made a mistake..
My terminalserver can access the internet perfectly.. and its hidden behind nat

0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2021-05-27 12:54 PM
In response to skandshus
Jump to solution

The shown picture is only a rule for NAT. You have to configure a rule in the network layer to allow the traffic from external to your destination hosts.

0 Kudos
skandshus
Advisor
Advisor
‎2021-05-27 12:58 PM
In response to Wolfgang
Jump to solution

I've attached photos here..
the firewall accept's the traffic, but it just doesnt go any further.

 

if i do a wiresharp capture on the terminal server, no traffic arrives..
but if i try to connect from an internal server to the terminal server, traffic arrives and can be seen on the wireshark capture.

 

 

 

0 Kudos
skandshus
Advisor
Advisor
‎2021-05-27 01:10 PM
In response to skandshus
Jump to solution

i think ive managed to find the issue.
as soon as i renamed the object with fewer characters it started working

 

 

After renaming the object from 17 Character to a few and pushed policy the NAT rule started working correctly 
thank you for the help everyone 🙂

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events