NAT Rule Number 0 R77.30

m4_prashanth
Participant

Hi there,

We have recently updated our NTP server IP address, and on one of the CP clusters I noticed that NTP sync is not happening. While I was checking the logs, the NTP traffic was hitting NAT rule number 0. But on the cluster the Hide behind gateway option is not configured. I also checked the firewall object and NAT is not enabled. What other possibilities could result in this behaviour?

I can see the UUID of the NAT rule. With the help of that, can I trace the NAT rule in SmartDashboard?

Thank You in Advance 

5 Replies
Tal_Paz-Fridman
Employee

It might be possible to search using the UID, but what I would recommend is upgrading from R77.30 to R80.40 or R81.

Searching using UID in NAT is possible in current versions.

We stopped supporting R77.30 in September 2019:

https://www.checkpoint.com/support-services/support-life-cycle-policy/#software-support

PhoneBoy
Admin (accepted solution)

What is the precise source of the NTP traffic?
If it’s from one of the cluster members, traffic is always hidden behind the cluster IP by default unless disabled by: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

But like my colleague suggests, R77.30 has been End of Support for a while now and you should upgrade to a supported release.

m4_prashanth
Participant

Thank you very much for the KB. Actually, the traffic was getting NATed to the cluster VIP, and after allowing the cluster VIP for NTP, the firewall was able to sync with the NTP server.

I have a couple of questions:

Though the traffic is getting NATed to the cluster VIP, when I run the tcpdump utility on the gateway I still see the physical interface IP trying to connect to the NTP server. Are there any other options available to capture the traffic from the egress interface to confirm the source IP?

Further, I have noticed that though the perform_cluster_hide_fold option was enabled for the R80.20 cluster, similar to R77.20, on the NTP server I’m receiving the traffic on the physical interface IP rather than the cluster VIP. Are there any other options that will override the NAT?

Thanks in advance 

PhoneBoy
Admin

fw monitor should show the traffic at each stage of the firewall chain.
You should be able to see if it is actually NATing the traffic appropriately.

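Reading fw monitor output point by point, as PhoneBoy suggests, can be scripted. The following is an added example, not code from the original thread or from Check Point: it parses fw monitor text lines in the `iface:point[len]: src -> dst (proto) len=.. id=..` layout the tool prints (with the optional `[vs_0][fw_1]` prefix of newer releases; the `UDP: port -> port` lines are skipped) and reports whether the source address changed from the member's physical IP to the cluster VIP between the pre-outbound (o) and post-outbound (O) points. The addresses, interface name and both captures are constructed assumptions; the second capture reproduces the failure mode described in the thread, where the source leaves the gateway unchanged.

```python
import re

# fw monitor writes one line per inspection point a packet crosses, for example:
#   [vs_0][fw_1] eth0:o[76]: 10.10.10.11 -> 192.0.2.123 (UDP) len=76 id=4321
# The "[vs_N][fw_N]" prefix is optional (older releases omit it). The point is
# i (pre-inbound), I (post-inbound), o (pre-outbound) or O (post-outbound).
# Source NAT is applied on the outbound side, so a hide behind the cluster VIP
# shows up as a change of source address between o and O.
LINE_RE = re.compile(
    r"^(?:\[[^\]]*\])*\s*"
    r"(?P<iface>[^\s:]+):(?P<point>[iIoO])\[\d+\]:\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+->\s+(?P<dst>\d{1,3}(?:\.\d{1,3}){3})"
    r"\s+\((?P<proto>\w+)\)\s+len=\d+\s+id=(?P<id>\d+)"
)


def parse_capture(lines):
    """Return the parsed packet records; the 'UDP: 123 -> 123' port lines do not match and are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def source_by_point(lines, dst, proto="UDP"):
    """Map inspection point -> source address of the first packet seen towards dst."""
    seen = {}
    for rec in parse_capture(lines):
        if rec["dst"] == dst and rec["proto"] == proto and rec["point"] not in seen:
            seen[rec["point"]] = rec["src"]
    return seen


def hide_nat_applied(lines, dst, vip, proto="UDP"):
    """True when the post-outbound (O) source is the VIP and the pre-outbound (o) source was not."""
    pts = source_by_point(lines, dst, proto)
    return "o" in pts and pts.get("O") == vip and pts["o"] != vip


def verdict(lines, dst, vip, proto="UDP"):
    """Human-readable result, including the case where no outbound packet was captured at all."""
    pts = source_by_point(lines, dst, proto)
    if "o" not in pts or "O" not in pts:
        return f"no outbound {proto} packets to {dst} seen at both o and O"
    if hide_nat_applied(lines, dst, vip, proto):
        return f"hide NAT applied: {pts['o']} at o became {pts['O']} at O"
    return f"hide NAT NOT applied: source is still {pts['O']} at O"


NTP_SERVER = "192.0.2.123"   # assumed NTP server address
CLUSTER_VIP = "10.10.10.10"  # assumed cluster VIP
MEMBER_IP = "10.10.10.11"    # assumed physical address of the cluster member

# Constructed capture: the member's own NTP query hidden behind the VIP on the way out,
# and the reply translated back to the physical address on the way in.
NAT_OK = """\
[vs_0][fw_1] eth0:o[76]: 10.10.10.11 -> 192.0.2.123 (UDP) len=76 id=4321
UDP: 123 -> 123
[vs_0][fw_1] eth0:O[76]: 10.10.10.10 -> 192.0.2.123 (UDP) len=76 id=4321
UDP: 123 -> 123
[vs_0][fw_1] eth0:i[76]: 192.0.2.123 -> 10.10.10.10 (UDP) len=76 id=777
UDP: 123 -> 123
[vs_0][fw_1] eth0:I[76]: 192.0.2.123 -> 10.10.10.11 (UDP) len=76 id=777
UDP: 123 -> 123
""".splitlines()

# Constructed capture of the failure mode from the thread: the source is unchanged at O.
NAT_MISSING = """\
eth0:o[76]: 10.10.10.11 -> 192.0.2.123 (UDP) len=76 id=4322
UDP: 123 -> 123
eth0:O[76]: 10.10.10.11 -> 192.0.2.123 (UDP) len=76 id=4322
UDP: 123 -> 123
""".splitlines()

if __name__ == "__main__":
    for name, cap in (("NAT_OK", NAT_OK), ("NAT_MISSING", NAT_MISSING)):
        print(name, "->", verdict(cap, NTP_SERVER, CLUSTER_VIP))
```

In practice you would feed the script the text output of a capture filtered to the NTP server, e.g. `fw monitor -e "accept host(192.0.2.123);"` run on the member, and compare the o and O lines for the same IP id. If the source at O is already the VIP, NAT is happening on the gateway and anything else seen on the wire (or on the NTP server) comes from a different path, such as a second member or a different egress interface; if O still shows the physical address, the hide fold did not apply to that connection.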
m4_prashanth
Participant

Thank you very much 
