This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Narrah_Munthali
Participant
‎2018-07-16 03:01 AM

cannot access www.yahho.com access

Hello Mates. I have just configured my checkpoint R80.10 and has not blocked any sites. I am able to access all the other pages except www.yahoo.com which times out when in checks TSL configurations. I have  tried different computers and browsers but nothing has changed. has any of you guys ever had this problem.  

firewall.txt.zip
0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2018-07-16 06:59 AM

What do you see in the logs when you attempt to access www.yahoo.com?

What does your rule look like to allow access to www.yahoo.com?

Have you done a tcpdump to validate traffic is flowing correctly or used something like fw ctl zdebug + drop?

0 Kudos
Narrah_Munthali
Participant
‎2018-07-18 12:13 AM

I have the log for the command that you specified. For the internet access I have the below policy, 

source: internal network destination : any service application: Http/Https action Accept.

I allowed everything on HTTP and HTTPS. I have the log but am having some problems to attach it 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-18 07:33 AM
In response to Narrah_Munthali

I'm not sure how many of the errors in the debug output relate to the specific issue, but I see a few things you should probably fix:

  • ;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=1 41.217.216.18:1281 -> 41.75.1.100:9672 dropped by fw_icmp_stateless_checks Reason: ICMP redirect packets are not allowed;
    • Since we ignore ICMP redirect packets, this can potentially create connectivity issues. You should fix whatever issue is causing ICMP redirects to be issued.
  • ;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=6 172.16.0.200:62578 -> 87.248.98.7:443 dropped by fw_first_packet_state_checks Reason: First packet isn't SYN;
    • This usually points to an asymmetric routing issue, meaning outbound packets are taking one path and inbound packets are taking another. Based on the destination IP address being associated with Yahoo, this is probably your issue.
  • ;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=1 172.16.20.1:2048 -> 172.16.9.1:20866 dropped by fw_local_anti_spoofing Reason: local interface spoof;
    • Most likely something is misconfigured in your gateway anti-spoofing settings.
0 Kudos
Narrah_Munthali
Participant
‎2018-07-23 12:09 AM
In response to PhoneBoy

When I try to browse am getting this error on the browser, The site can’t provide a secure connection. uses an unsupported protocol. The client and server don’t support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure. 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-23 07:22 AM
In response to Narrah_Munthali

If you are not doing SSL Inspection on the firewall (must be explicitly enabled), then this can't be caused by the firewall.

But it does prove you've moved past your previous issue.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events