This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bezeq_int
Participant
‎2024-03-08 08:27 AM

error Clear text packet should be encrypted

Yesterday we upgraded the mgmt from r80.40 to r81.20

and we have two firewalls still on r80.40

the site to site on the firewalls still up but the icmp/snmp traffic generated from same source ip addresses in the tunnel are being dropped with this error message:

@;3243628120;[vs_0];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=17 x.x.x.x:56134 -> y.y.y.y:161 dropped by vpn_drop_and_log Reason: Clear text packet should be encrypted;

@;3243632857;[vs_0];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=1 x.x.x.x:52 ->y.y.y.y:0 dropped by vpn_drop_and_log Reason: Clear text packet should be encrypted;

on the mgmt we edited this file: //opt/CPsuite-R81.20/fw1/lib/crypt.def  last lines to:

#ifndef NON_VPN_TRAFFIC_RULES
#ifndef IPV6_FLAVOR
#define NON_VPN_TRAFFIC_RULES (dst=y.y.y.y or dst=z.z.z.z)
#else
#define NON_VPN_TRAFFIC_RULES 0
#endif

the problem is still occurring

how to fix this ?

please advice

thanks

 

 

0 Kudos
8 Replies
the_rock
Legend
Legend
‎2024-03-08 08:40 AM

Let me see if I can find some stuff about this, it might be known issue if gateways are still on R80.40

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-03-08 08:41 AM

K, found it...MAKE SURE to backup the files first, of course

# cd $FWDIR/conf
# cp user.def.FW1 user.def.R8040CMP
 
Thats it. Then push the policy.
Andy
0 Kudos
bezeq_int
Participant
‎2024-03-08 09:07 AM
In response to the_rock

No sir, that also did not fix the issue

 

[Expert@CP-MGMT:0]# cd $FWDIR/conf
[Expert@CP-MGMT:0]# pwd
/opt/CPsuite-R81.20/fw1/conf
[Expert@CP-MGMT:0]# ll | grep user.def
...
-rwxrwx--- 1 admin bin 882 Mar 7 20:44 user.def.FW1
...
-rw-r----- 1 admin bin 732 Nov 16 2022 user.def.R8040CMP
...
[Expert@CP-MGMT:0]#
[Expert@CP-MGMT:0]# cp user.def.FW1 user.def.R8040CMP
[Expert@CP-MGMT:0]#
[Expert@CP-MGMT:0]# ll | grep user.def.FW
-rwxrwx--- 1 admin bin 882 Mar 7 20:44 user.def.FW1
[Expert@CP-MGMT:0]# ll | grep user.def.R
....
-rw-r----- 1 admin bin 882 Mar 8 18:56 user.def.R8040CMP

 

 

0 Kudos
the_rock
Legend
Legend
‎2024-03-08 09:28 AM
In response to bezeq_int

Did you install the policy?

0 Kudos
the_rock
Legend
Legend
‎2024-03-08 10:07 AM
In response to bezeq_int

K, fair enough. If thats the case, I dont want to tell you to modify anything else with that file, as Im worried we may make it worse and no one wants that on the weekend lol

Anyway...maybe reverse all the changes and lets take a step back here. So, IF its saying clear packet should be encrypted, logically, that insinuates to me that something is missing in the enc. domain possibly...can you check?

Best,

Andy

0 Kudos
bezeq_int
Participant
‎2024-03-08 10:39 AM
In response to the_rock

thankyou

we'll check with TAC

0 Kudos
Jelle_Hazenberg
Collaborator
Collaborator
‎2024-11-18 07:25 AM
In response to bezeq_int

Hi bezeq_int,

So, it's a while ago but any chance you could still share the outcome of your TAC case? Would be great for me but also other people crawling these topics.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top