I have 2 RADIUS servers that are trying to talk to each other through a Check Point R80.30 ClusterXL.
It seems to be failing with a lot of errors in the logs saying "Fragment_time_exceeded" traffic dropped.
I have tried to allow all ICMP between the end clients but there is no PMTUD taking place and there doesn't seem to be a way to enable this traffic to fragment and reassemble without failing with these errors.
We have all the latest hotfixes required. Is there a reason for this?
If this was a connection using VPN I would have cried MTU, MTU! But this looks different. Maybe the following can still help: sk98074: MTU and Fragmentation Issues in IPsec VPN
Please check "icmperrors" under GuiDBedit. By default it should be allowed ("true"). It looks like in your case the policy is not allowing it. If it is false, change it to true and recheck.
Hi
I made this change, but I am still getting the same error. I made the change on the management server - is this correct or did it need to get made on the firewalls themselves?
Yesterday I also added an exception to the inspection settings for traffic between the 2 RADIUS servers in case this was the problem. It seemed to make it a little bit better but I still see the error and still have problems.
Thanks
It should be done via GuiDBedit and then push policy; see attached.
If you did it and still have an issue, I suggest opening a TAC case.