Explorer

Unable to ping from checkpoint gateway ip to gns3 router and vice versa

Hi,

I am unable to ping from checkpoint gateway ip to gns3 router and vice versa.

 

Manager IP : 192.168.43.90 Eth0

Gateway IP : 192.168.43.40 Eth0

Both are reachable. Connectivity is good.

I have a gns3 router called Cloud connected to the other interface of the gateway, i.e. the 172.168.1.0 network. Please refer to the JPG file checkpoint Lab.

IP address for gateway Eth1 interface is 172.168.1.2. Please refer interface eth1 jpg file

Gns3 router (Cloud) interface Fa0/1  IP address : 172.168.1.1

I am unable to reach the IP address 172.168.1.1; I am getting destination host unreachable.

CPSecurityGateway>ping 172.168.1.1

PING 172.168.1.1 (172.168.1.1)  56(84) bytes of data

From 172.168.1.2 icmp_seq=1 Destination Host Unreachable

From 172.168.1.2 icmp_seq=3 Destination Host Unreachable

From 172.168.1.2 icmp_seq=4 Destination Host Unreachable

From 172.168.1.2 icmp_seq=5 Destination Host Unreachable

 

Troubleshooting steps performed :

1. fw unloadlocal on Security Gateway

2. Checked in global properties enabled "allow all icmp" changed to first.

 

Please suggest

Thanks

0 Kudos
8 Replies
Explorer

Virtual network adapter.JPG

0 Kudos
Admin

What precise version of Check Point is in use here?
Note that gns3 is not a supported virtualization environment.
0 Kudos
Explorer

Hi,

Thank you for answering. 

 

It's R77.30 version.

I am aware it's end of support, but just wondering why it would not ping vice versa, coz that's the important part of the setup I am using.

Thanks

0 Kudos
Admin

It may be that you are using virtual hardware not supported by R77.30.
What precise hardware did you specify for the NICs?
0 Kudos
Explorer

Hi.

Thank you for answering .

 

I am using Intel Centrino Ultimate 6300 AGN Wireless Adapter on my laptop. This is used as Bridged for Vmnet0 for both Security Manager & Security Gateway. Refer virtual network adapters thru Virtual Network Editor.JPG

 

Virtual Network adapters on Security Manager

Network adapter 1 - Vmnet 0 - Bridged 

Network Adapter 2 - Vmnet 1 - Custom

Refer Virtual Adapters on Managerr.JPG

 

Virtual Network adapters on Security Gateway

Network adapter 1 - Vmnet 0 - Bridged 

Network Adapter 2 - Vmnet 1 - Custom

Network Adapter 3 - Vmnet 2 - Custom

Refer Virtual Adapters on Gateway (2).JPG

 

Thanks Again..

0 Kudos
Explorer

 

I have done packet capture using the Wireshark.


Initiated Ping from Router (Cloud)...Please refer to Packet capture CPsecurityGateway Interface Eth1 to Fa01 interface of Router named cloud when ping inittiated from Cloud router.JPG.file

The broadcast packets are sent successfully on the wire, but there is no response from the Gateway VM.

 

Also uploaded the packet capture when ping initiated from Gateway Vm to Router

Refer Packet capture CPsecurityGateway Interface Eth1 to Fa01 interface of Router named cloud when ping initiated from Gateway.jpg file

 

Here no packets are sent out of Gateway Vm interface.

Interface state is ON and the IP address is correctly configured.

 

Looks like Gateway Interface is not responding to ARP Requests as no hits observed on the Firewall. 

 

I am also adding arp debug output on router

refer debug arp output on GNS3 router jpg file

 

Also uploaded fw ctl zdebug drop output file.  Refer fw ctl zdebug drop output on Security Gateway.JPG file

I see rulebase drop - rule 0 even though I deleted all of the policies in dashboard.

 

Please suggest

 

Thanks in advance

 

 

0 Kudos
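A way to read the ping output quoted in the first post, added here as an example and not posted by any participant in the thread: with Linux-style ping, a "Destination Host Unreachable" reported from the sender's own address for a target on the same subnet is generated locally when ARP resolution fails, which points at layer 2 rather than at the rule base. The function name `classify` and the /24 prefix length are assumptions.

```python
import ipaddress
import re

# Ping output as quoted in the first post (gateway pinging the GNS3 router).
PING_OUTPUT = """\
PING 172.168.1.1 (172.168.1.1)  56(84) bytes of data
From 172.168.1.2 icmp_seq=1 Destination Host Unreachable
From 172.168.1.2 icmp_seq=3 Destination Host Unreachable
From 172.168.1.2 icmp_seq=4 Destination Host Unreachable
From 172.168.1.2 icmp_seq=5 Destination Host Unreachable
"""

TARGET = re.compile(r"^PING \S+ \((\S+)\)", re.M)
UNREACH = re.compile(r"^From (\S+) icmp_seq=\d+ Destination Host Unreachable", re.M)


def classify(ping_text, local_iface):
    """Classify host-unreachable errors in Linux-style ping output.

    local_iface is the sender's egress interface in CIDR form. The prefix
    length is an assumption: the thread gives the network, not the mask.
    Returns (verdict, set of addresses that reported the error).
    """
    iface = ipaddress.ip_interface(local_iface)
    header = TARGET.search(ping_text)
    if header is None:
        raise ValueError("no PING header line found")
    target = ipaddress.ip_address(header.group(1))
    reporters = {ipaddress.ip_address(s) for s in UNREACH.findall(ping_text)}

    if not reporters:
        return "no-unreachable-errors", reporters
    if reporters == {iface.ip} and target in iface.network:
        # The sender itself gave up: no ARP reply for an on-link neighbour.
        # Check cabling / virtual NIC / vmnet mapping before firewall policy.
        return "local-arp-failure", reporters
    if iface.ip in reporters:
        # Locally generated, but the target is off-link: next hop unresolved.
        return "local-next-hop-unresolved", reporters
    # Another device sent the ICMP error, so frames are leaving this host.
    return "remote-device-reported", reporters


if __name__ == "__main__":
    verdict, who = classify(PING_OUTPUT, "172.168.1.2/24")
    print(verdict, sorted(str(a) for a in who))
```
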
Collaborator

Hi, just curious, why aren't you using R80.10/20/30 images for your lab? Those are the images I use for my labs. Is it because in your workplace you use 77.30?
0 Kudos
Admin

What I'm interested in is the virtual hardware presented to the virtual machine, specifically for the NICs.
For example, in VMware ESXi, I can choose among the following options:

Screen Shot 2020-06-09 at 3.58.10 PM.png

Whatever you've set up in gns3 is clearly not working.
If you can change it to E1000, try that as it should work.
If you have no option to change it, then you need to use a virtualization system known to work with R77.30 (like VMware) or use a version of Check Point known to work with gns3 (such as the R80.x releases).

0 Kudos