This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jason_Elmore1
Participant
‎2020-01-03 08:19 AM

Unable Access Two Websites

Strange situation with a couple websites.  (my.voya.com and bkdconnect.bkd.com)

We have an HA cluster of 15600s R80.10, all other internet traffic works fine just the above two sites fail to load and timeout, logs show no drops.

All internet traffic is hidden with manual NAT rule behind the VIP of the cluster.  If I NAT traffic behind another of our  external IP addresses the pages load fine.  

I'm guessing it has something to do with the VIP of the cluster but can't seem to find where the issue is.

I have checked and we are not using VMAC with the cluster.

It's strange as these two sites seem to be just login portals and I've not heard from users of any other site experiencing anything like this.

 

 

Jason

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2020-01-03 10:10 AM

Have you compared tcpdump output between the "working" and "not working" configuration?
Perhaps there is some clue there.
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2020-01-04 02:48 AM

Hi Jason

Are the test IPs from a different subnet to the VIP or the same?

Perhaps the far end is imposing some IP based restrictions -or- there is a problem with the return route...

fw monitor or tcpdump may give you some further insight I.e. confirm if there is any reply traffic.

 

Regards,

Chris

CCSM R77/R80/ELITE
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2020-01-04 06:19 AM

Does it make a difference if you try http://my.voya.com and let it redirect into https, or go HTTPS directly with https://my.voya.com in the browser URL bar?  Also I assume using different browser types (i.e. Firefox vs. Chrome) doesn't make a difference?

There are some firewall drop events that won't generate a usual log entry, to find those run fw ctl zdebug drop then try to access those two sites through the cluster hide NAT.

Next step since you are on R80.10, is to try disabling SecureXL with fwaccel off then try to access the websites again.  Be sure to turn SecureXL back on with fwaccel on when done.  Not likely to help but worth a try.

There could be a stability/setup problem with your cluster which is why moving it to an arbitrary hide address makes it work, try gracefully powering off the standby member, then see if the reachability of those two websites changes while there is only a "cluster of one".

Failing those, next step as was mentioned earlier is a packet capture using tcpdump.

 

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top