This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
gyogesh
Explorer
‎2020-06-08 08:17 AM

Unable to ping from checkpoint gateway ip to gns3 router and vice versa

Hi,

I am unable to ping from checkpoint gateway ip to gns3 router and vice versa.

 

Manager IP : 192.168.43.90 Eth0

Gateway IP : 192.168.43.40 Eth0

Both are reachable. connectivity is good

I have gns3 router called Cloud connected to other interface of gateway. i.e 172.168.1.0 network. Please refer JPG file checkpoint Lab

IP address for gateway Eth1 interface is 172.168.1.2. Please refer interface eth1 jpg file

Gns3 router (Cloud) interface Fa0/1  IP address : 172.168.1.1

I am unable to reach the ip address 172.168.1.1 getting destination host unreachable

CPSecurityGateway>ping 172.168.1.1

PING 172.168.1.1 (172.168.1.1)  56(84) bytes of data

From 172.168.1.2 icmp_seq=1 Destination Host Unreachable

From 172.168.1.2 icmp_seq=3 Destination Host Unreachable

From 172.168.1.2 icmp_seq=4 Destination Host Unreachable

From 172.168.1.2 icmp_seq=5 Destination Host Unreachable

 

Troubleshooting steps performed :

1. fw unloadlocal on Security Gateway

2. Checked in global properties enabled "allow all icmp" changed to first.

 

Please suggest

Thanks

 

 

 

 

 

 

 

 

 

Preview file
26 KB
Preview file
46 KB
Preview file
75 KB
0 Kudos
8 Replies
gyogesh
Explorer
‎2020-06-08 08:27 AM

Virtual network adapter.JPG

0 Kudos
PhoneBoy
Admin
Admin
‎2020-06-08 09:28 AM

What precise version of Check Point is in use here?
Note that gns3 is not a supported virtualization environment.
0 Kudos
gyogesh
Explorer
‎2020-06-08 11:05 AM
In response to PhoneBoy

Hi,

Thank you for answering. 

 

Its R77.30 version.  

I am aware its end of Support, but just wondering why would it not ping vice versa coz thats the important part of setup i am using. 

Thanks

 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-06-08 01:15 PM
In response to gyogesh

It may be that you are using virtual hardware not supported by R77.30.
What precise hardware did you specify for the NICs?
0 Kudos
gyogesh
Explorer
‎2020-06-09 03:41 AM
In response to PhoneBoy

Hi.

Thank you for answering .

 

I am using Intel Centrino Ultimate 6300 AGN Wireless Adapter on my laptop. This is used as Bridged for Vmnet0 for both Security Manager & Security Gateway. Refer virtual network adapters thru Virtual Network Editor.JPG

 

Virtual Network adapters on Security Manager

Network adapter 1 - Vmnet 0 - Bridged 

Network Adapter 2 - Vmnet 1 - Custom

Refer Virtual Adapters on Managerr.JPG

 

Virtual Network adapters on Security Gateway

Network adapter 1 - Vmnet 0 - Bridged 

Network Adapter 2 - Vmnet 1 - Custom

Network Adapter 3 - Vmnet 2 - Custom

Refer Virtual Adapters on Gateway (2).JPG

 

Thanks Again..

 

 

 

Preview file
76 KB
Preview file
69 KB
Preview file
47 KB
0 Kudos
gyogesh
Explorer
‎2020-06-09 07:36 AM
In response to gyogesh

 

I have done packet capture using the Wireshark.


Initiated Ping from Router (Cloud)...Please refer to Packet capture CPsecurityGateway Interface Eth1 to Fa01 interface of Router named cloud when ping inittiated from Cloud router.JPG.file

the Broadcast packets are sent successfully on the wire but no response from Gateway Vm

 

Also uploaded the packet capture when ping initiated from Gateway Vm to Router

Refer Packet capture CPsecurityGateway Interface Eth1 to Fa01 interface of Router named cloud when ping initiated from Gateway.jpg file

 

Here no packets are sent out of Gateway Vm interface.

Interface state is ON  ip address is correctly configured. 

 

Looks like Gateway Interface is not responding to ARP Requests as no hits observed on the Firewall. 

 

I am also adding arp debug output on router

refer debug arp output on GNS3 router jpg file

 

Also uploaded fw ctl zdebug drop output file.  Refer fw ctl zdebug drop output on Security Gateway.JPG file

I see rulebase drop - rule 0 even i deleted all of the policies in dashboard. 

 

Please suggest

 

Thanks in advance

 

 

Preview file
156 KB
Preview file
138 KB
Preview file
107 KB
Preview file
135 KB
0 Kudos
kb1
Collaborator
‎2020-06-09 03:36 PM
In response to gyogesh

Hi just curious why isn't you use R80.10/20/30 images for your lab? Those are the images I use for my labs, is it because in your workplace you use 77.30?
0 Kudos
PhoneBoy
Admin
Admin
‎2020-06-09 04:04 PM
In response to gyogesh

What I'm interested in is the virtual hardware presented to the virtual machine specifically for the NICs
For example, in VMware ESXi, I can choose among the following options:

Screen Shot 2020-06-09 at 3.58.10 PM.png

Whatever you've set up in gns3 is clearly not working.
If you can change it to E1000, try that as it should work.
If you have no option to change it, then you need to use a virtualization system known to work with R77.30 (like VMware) or use a version of Check Point known to work with gns3 (such as the R80.x releases).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events