This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
Advisor
‎2023-10-02 08:17 AM

Internet access problems.

Hello.

I have a ClusterXL HA, version R81.10.

We have "Internet" consumption problems on 1 VLAN in particular (We have several VLANs).

The problem is that, the VLAN X.X.2.0/24, every so often, "runs out of Internet" (Can not consume web services), and what is done as "Workaround", is to disconnect/connect the network card of the PCs, or reboot the PC.

We have quite general "rules", 1 rule for the Internal DNS servers, and another rule below, for the Internet access, but basically the rules are like an "any, any".

Are there any recommendations here that would allow me to rule out that the problem is the Cluster Firewalls?

Thank you.

0 Kudos
3 Replies
CaseyB
Advisor
‎2023-10-02 08:37 AM

When the Internet stops working on these devices, what do the firewall logs say? If you narrow down the source to the specific device not working at that time, do you see traffic hitting the firewall, if so, what are the messages? Have you ruled out other things such as duplicate IP addresses on that VLAN? Do all of the devices have the problem at the same time or do some still work?

0 Kudos
Matlu
Advisor
‎2023-10-02 11:03 AM
In response to CaseyB

Hello,

In the Firewall, when I have filtered the test IP, I have not observed that there are drops or something similar, for an Internet connection.

The strangest thing is that it is only one VLAN that has the problem, on the same interface where this VLAN passes, others pass, and these others have no problems.

Is there any way to rule out that it is a GW problem?

I have tested the Internet connectivity from the GW (Active) to the Internet, and I have the impression that everything is fine.

Cheers.

Preview file
2 KB
0 Kudos
the_rock
Legend
Legend
‎2023-10-02 11:07 AM
In response to Matlu

You can run ip r g 8.8.8.8 and say tracepath 8.8.8.8 commands to see the path its taking, if its the same. Also, zdebug would help, as well as generic tcpdump and fw monitor.

You can use below site my colleague made over the years to help people with different captures.

Cheers,

Andy

https://www.tcpdump101.com

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events