We are having an issue with some connections, at least that we know. The connection is successfully made several times but from time to time randomly, the server is unable to reach the destination.
I ran a fw monitor and for the failed connections the packet just gets up to [vs_0][fw_4] bond2.81:i9 (fw VM inbound ) while in a good connection the traffic goes through all the chain [vs_0][fw_4] bond1:O17 (Chain End).
Can anybody help?
Regards
Jorge
This probably needs some fw ctl debug magic, something like fw ctl debug -m fw + drop with all the other necessary commands. See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Hi, I did a fw monitor:
fw monitor -e 'accept ((src=172.16.116.74 , dst=194.165.190.103) or (src=172.16.116.70 , dst=194.165.190.103));' -p all
and for the working connections I can see
[vs_0][fw_1] bond2.81:i0 (IP Options Strip (in))[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:i1 (vpn multik forward in)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:i2 (vpn decrypt)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:i3 (l2tp inbound)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:i4 (Stateless verifications (in))[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:i5 (fw multik misc proto forwarding)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:i6 (vpn tagging inbound)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:i7 (vpn decrypt verify)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:i8 (SecureXL conn sync)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:i9 (fw VM inbound )[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:I10 (fw accounting inbound)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:I11 (vpn policy inbound)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:I12 (SecureXL inbound)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:I13 (RTM packet in)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:I14 (fw SCV inbound)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:I15 (passive streaming (in))[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:I16 (TCP streaming (in))[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:I17 (IP Options Restore (in))[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:I18 (HA Forwarding)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:I19 (Chain End)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:o0 (IP Options Strip (out))[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:o1 (vpn multik forward out)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:o2 (vpn nat outbound)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:o3 (TCP streaming (out))[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:o4 (passive streaming (out))[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:o5 (vpn tagging outbound)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:o6 (Stateless verifications (out))[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:o7 (NAC Packet Outbound)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:o8 (fw VM outbound)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:O9 (vpn policy outbound)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:O10 (SecureXL outbound)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:O11 (l2tp outbound)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:O12 (vpn encrypt)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:O13 (RTM packet out)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:O14 (fw accounting outbound)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:O15 (TCP streaming post VM)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:O16 (IP Options Restore (out))[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond1:O17 (Chain End)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
but in a failed attempt:
[vs_0][fw_4] bond2.81:i0 (IP Options Strip (in))[60]: 172.16.116.70 -> 194.165.190.103 (TCP) len=60 id=47373
TCP: 36492 -> 1093 .S.... seq=1033fef3 ack=00000000
[vs_0][fw_4] bond2.81:i1 (vpn multik forward in)[60]: 172.16.116.70 -> 194.165.190.103 (TCP) len=60 id=47373
TCP: 36492 -> 1093 .S.... seq=1033fef3 ack=00000000
[vs_0][fw_4] bond2.81:i2 (vpn decrypt)[60]: 172.16.116.70 -> 194.165.190.103 (TCP) len=60 id=47373
TCP: 36492 -> 1093 .S.... seq=1033fef3 ack=00000000
[vs_0][fw_4] bond2.81:i3 (l2tp inbound)[60]: 172.16.116.70 -> 194.165.190.103 (TCP) len=60 id=47373
TCP: 36492 -> 1093 .S.... seq=1033fef3 ack=00000000
[vs_0][fw_4] bond2.81:i4 (Stateless verifications (in))[60]: 172.16.116.70 -> 194.165.190.103 (TCP) len=60 id=47373
TCP: 36492 -> 1093 .S.... seq=1033fef3 ack=00000000
[vs_0][fw_4] bond2.81:i5 (fw multik misc proto forwarding)[60]: 172.16.116.70 -> 194.165.190.103 (TCP) len=60 id=47373
TCP: 36492 -> 1093 .S.... seq=1033fef3 ack=00000000
[vs_0][fw_4] bond2.81:i6 (vpn tagging inbound)[60]: 172.16.116.70 -> 194.165.190.103 (TCP) len=60 id=47373
TCP: 36492 -> 1093 .S.... seq=1033fef3 ack=00000000
[vs_0][fw_4] bond2.81:i7 (vpn decrypt verify)[60]: 172.16.116.70 -> 194.165.190.103 (TCP) len=60 id=47373
TCP: 36492 -> 1093 .S.... seq=1033fef3 ack=00000000
[vs_0][fw_4] bond2.81:i8 (SecureXL conn sync)[60]: 172.16.116.70 -> 194.165.190.103 (TCP) len=60 id=47373
TCP: 36492 -> 1093 .S.... seq=1033fef3 ack=00000000
[vs_0][fw_4] bond2.81:i9 (fw VM inbound )[60]: 172.16.116.70 -> 194.165.190.103 (TCP) len=60 id=47373
Regards
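Added example, not part of the original posts: a small Python parser for the `fw monitor -p all` output pasted above that reports, for each packet (keyed by source, destination and IP id), the last chain module it was captured at and flags packets that never reach the outbound Chain End. The sample lines are abbreviated from the output in this thread; the function names are illustrative, and using "outbound Chain End" as the completion mark assumes forwarded (not gateway-terminated) traffic.

```python
import re
from collections import OrderedDict

# One packet line of "fw monitor -p all":
# [vs][fw instance] iface:<dir><pos> (chain module)[len]: src -> dst (proto) len=N id=N
# dir is i/I for the inbound chain and o/O for the outbound chain.
LINE = re.compile(
    r"\[vs_(?P<vs>\d+)\]\[fw_(?P<fw>\d+)\]\s+(?P<ifc>\S+):(?P<dir>[iIoO])(?P<pos>\d+)\s+"
    r"\((?P<module>.*)\)\[\d+\]:\s+(?P<src>\S+) -> (?P<dst>\S+) \((?P<proto>\w+)\)"
    r"\s+len=\d+ id=(?P<id>\d+)"
)

# Abbreviated sample built from the output in this thread (most chain lines omitted).
SAMPLE = """\
[vs_0][fw_1] bond2.81:i9 (fw VM inbound )[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
TCP: 38534 -> 1093 .S.... seq=de928dc4 ack=00000000
[vs_0][fw_1] bond2.81:I19 (Chain End)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
[vs_0][fw_1] bond1:o0 (IP Options Strip (out))[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
[vs_0][fw_1] bond1:O17 (Chain End)[60]: 172.16.116.74 -> 194.165.190.103 (TCP) len=60 id=62230
[vs_0][fw_4] bond2.81:i8 (SecureXL conn sync)[60]: 172.16.116.70 -> 194.165.190.103 (TCP) len=60 id=47373
[vs_0][fw_4] bond2.81:i9 (fw VM inbound )[60]: 172.16.116.70 -> 194.165.190.103 (TCP) len=60 id=47373
"""

def last_chain_position(text):
    """Return {(src, dst, ip_id): last captured hop}, in order of first appearance."""
    last = OrderedDict()
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # "TCP: ..." detail lines and anything unparsable are skipped
        key = (m["src"], m["dst"], int(m["id"]))
        last[key] = {
            "fw": int(m["fw"]),
            "interface": m["ifc"],
            "direction": "in" if m["dir"] in "iI" else "out",
            "position": int(m["pos"]),
            "module": m["module"].strip(),
        }
    return last

def stalled_packets(text):
    """Packets whose last captured hop is not the outbound 'Chain End'."""
    return {
        key: hop for key, hop in last_chain_position(text).items()
        if not (hop["direction"] == "out" and hop["module"] == "Chain End")
    }

if __name__ == "__main__":
    for (src, dst, ip_id), hop in stalled_packets(SAMPLE).items():
        print(f"{src} -> {dst} id={ip_id} stops at fw_{hop['fw']} "
              f"{hop['interface']} {hop['direction']}:{hop['position']} ({hop['module']})")
```

Packets are keyed by IP id, so a retransmitted SYN shows up as a separate entry; the reported `fw` instance and last module are the values to carry into a follow-up `fw ctl debug` drop trace.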
Hi!
We had the same problem with different ssh-connections on a VSX-Cluster. FW Monitor showed the same results.
After a CKP-Case (to be honest, there was no solution after a lot of debugs) we toggled the cluster-node from node 1 to node 2 and then back to node 1 again.
After this, the connections worked fine again. 🙂
Best regards
Martin