This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ricki_Juntak
Explorer
‎2021-12-02 01:35 AM
Jump to solution

Reject "'Ip address was blocked access to 'aws', why traffic always vpn traffic

Hello guys,

I need help about connection always rejected by gateway like scema below:

Host(ip local with nat static to public) - checkpoint gateway -> AWS

the network host is on the vpn domain grup network

the vpn domain is used on the community vpn remote access. but the host not connected overvpn.

the connection not overvpn but the gateway state from log said this is a vpn traffic (why this happening).

when we try test telnet to AWS(opening on the rule policy too) from some host not using vpn result is same and cannot ssh to aws

maybe anyone have face this same issue...

 

 

 

 

Preview file
100 KB
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2021-12-12 04:00 PM
In response to Ricki_Juntak
Jump to solution

If you can't share details publicly, recommend working with the TAC.

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-12-05 08:37 PM
Jump to solution

Your description isn't making a lot of sense.
A network diagram, screenshots of the relevant configuration, log cards (with sensitive details redacted), and version/JHF level is appreciated.

0 Kudos
Ricki_Juntak
Explorer
‎2021-12-07 06:17 PM
In response to PhoneBoy
Jump to solution

Thank you PhoneBoy for your response,

but I can't share the log, configuration and topology, regarding from user info.

we run vpn tu and find ip address a.b.c.d on the list ike, its means have a tunnel from a.b.c.d to CP gateway right?

but the user confirm no configuration vpn from a.b.c.d to CP gateway.

#vpn tu

Peer: a.b.c.d 
| Client public IP: inx invalid type (0) | | i: 2 ref: 1 |
| Authenticated at: Dec 6 08:02:27 | | i: 3 ref: 1 |
| Methods: ESP Transport 3DES SHA1 | | i: 4 ref: 1 |
| My TS: CP_Gateway | | i: 5 ref: 1 |
| Peer TS: a.b.c.d | | i: 6 ref: 1 |
| User: <L2TP_machine_user>_291593747757..|
| MSPI: 8000f3 (i: 1, p: - )

the last information from customer the endpoint(PC) have 2 vpn, 1 openvpn to a.b.c.d and 1 vpn to Checkpoint Gateway and at the CP Gateway have rule from vpn domain segmen to access a.b.c.d

0 Kudos
PhoneBoy
Admin
Admin
‎2021-12-12 04:00 PM
In response to Ricki_Juntak
Jump to solution

If you can't share details publicly, recommend working with the TAC.

0 Kudos
Ricki_Juntak
Explorer
‎2021-12-12 06:22 PM
In response to PhoneBoy
Jump to solution

Thank you PhoneBoy

 

Regards,

Ricki

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events