Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Tony_Graham
Advisor

CP R80.10 All latest updates. Routing anomaly

I have a user that is trying to access a specific website. If I run an nslookup on the website I get the IP for that host. If I try to run a traceroute to that host it goes nowhere, and I mean nowhere. Even better, the CP logs do not log the event. IF I try it from our backup link with a non-CP device, it routes to host without issue. What can I do to determine why this specific site is being blocked? I have tried adding specific exemptions and rules to allow the traffic but to no avail.

3 Replies
Alisson_Lima
Contributor

Hi Tony,

The first step is understand the way of packets.

- Why traceroute for destination website don't show nowhere?

- What's default gateway of user machine? Check Point firewall?

- Fw ctl zdebug drop show any drop?

- Which blades do you have enabled in this enviroment?

- How do you convert the traffic of user for alternative link non-CheckPoint.

Alisson Lima

0 Kudos
Tony_Graham
Advisor

The site we are dealing with is lotustalk.com. Traceroute to say google.com on same workstation works fine. The default gateway is a Checkpoint 3200. To convert to alternative link for tests I simply change the default gateway of the workstation to point at the non-Checkpoint device. Each link does have a different ISP. I have IPS/Anti-Bot/Antivirus and I use GeoPolicy. There have been no recent changes to the firewall. Access to lotustalk.com began failing February 5.

traceroute to lotustalk.com (35.241.38.148), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
etc...

Vladimir
Champion
Champion

Do you actually permit ICMP and log it?

Please check the global properties first and if the ICMP and the Implied rules logging is not enabled there, create an explicit rule in your policy for this purpose.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events