Re: Checkpoint IDC is getting frequently disconnec...

pradeep_paka1 · ‎2021-05-21

Hi All,

Need help..

Checkpoint IDC is getting frequently disconnected from ISE admin Node.

every time i need to restart service to make connection up again and after that it will get disconnected after 5 to 10 min.

Is there any solution for this?

I logs i can see below. "deny tcp (no connection) flags rst on interface "

PhoneBoy · ‎2021-05-21

Is there any firewall between the two?
Its possible you will need a TAC case to troubleshoot this.

pradeep_paka1 · ‎2021-05-22

Yes there is Cisco FW in between both and we see deny logs like "deny tcp (no connection) flags rst on interface".

All required ports are already allowed. Also IDC's are upgraded to 81.0018.0000 version.

PhoneBoy · ‎2021-05-22

That error suggests a possible asymmetric routing issue, which any stateful firewall is going to have issues with.
See: https://community.cisco.com/t5/network-security/deny-tcp-no-connection/td-p/2685271

pradeep_paka1 · ‎2021-08-10

This is solved after TAC gave hotfix.

Thanks..

MichaelGur · ‎2021-12-13

Can you tell me please, what hotfix solved this issue?

Are you a member of CheckMates?