This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Luciano_Cirino
Contributor
‎2023-07-31 05:20 AM

Problem with asymmetry

Good morning everyone,

We are facing an issue with a specific access. When trying to access it, the packet that should exit through the eth8.7 interface, one of the providers we have, is going out through another interface that is not configured.

Problem with asymmetry? Has anyone experienced this before?

Below is an image with the packet capture details.

Preview file
313 KB
0 Kudos
10 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-07-31 05:24 AM

More details are likely required about your configuration, things like NAT and ISP redundancy config?

What does your routing table show as the correct egress path for the destination?

CCSM R77/R80/ELITE
the_rock
MVP Diamond
MVP Diamond
‎2023-07-31 05:51 AM

Make sure topology is correct and routes are also indeed right. Run ip r g command, ie ip r g 8.8.8.8

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2023-07-31 06:02 AM

Also, Im little confused by your statement "...is going out through another interface that is not configured"

How is that even possible?

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Luciano_Cirino
Contributor
‎2023-07-31 11:00 AM
In response to the_rock

I'm sorry for the lack of details in the previous explanation.

The packet enters through the interface eth8.7 (link A), goes through the inspection and NAT flow correctly, and then it is returned through eth8.8 (link B).

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2023-07-31 11:16 AM
In response to Luciano_Cirino

Question...is this brand new issue or just started recently? Any changes made?

 

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-07-31 04:19 PM
In response to Luciano_Cirino

Can you please show the routing table output for this destination also is there any PBR configured that would match this traffic?

CCSM R77/R80/ELITE
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-07-31 06:39 AM

I would involve CP TAC asap to get this fixed...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Luciano_Cirino
Contributor
‎2023-07-31 11:00 AM
In response to G_W_Albrecht

We would like to inform you that we are already in contact with the TAC. Thank you.

the_rock
MVP Diamond
MVP Diamond
‎2023-07-31 12:04 PM
In response to Luciano_Cirino

What was done with TAC so far?

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2023-07-31 05:56 PM
In response to Luciano_Cirino

If you could send us below from expert mode, would help, for sure.

route

netstat -nr

clish -c "show route all"

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events