
CP R80.10 All latest updates. Routing anomaly

I have a user that is trying to access a specific website. If I run an nslookup on the website I get the IP for that host. If I try to run a traceroute to that host it goes nowhere, and I mean nowhere. Even better, the CP logs do not log the event. If I try it from our backup link with a non-CP device, it routes to the host without issue. What can I do to determine why this specific site is being blocked? I have tried adding specific exemptions and rules to allow the traffic but to no avail.

3 Replies

Hi Tony,

The first step is to understand the path the packets take.

- Why does the traceroute to the destination website go nowhere?

- What is the default gateway of the user's machine? The Check Point firewall?

- Does fw ctl zdebug drop show any drops?

- Which blades do you have enabled in this environment?

- How do you switch the user's traffic to the alternative, non-Check Point link?

Alisson Lima

0 Kudos

The site we are dealing with is Traceroute to say on same workstation works fine. The default gateway is a Checkpoint 3200. To convert to alternative link for tests I simply change the default gateway of the workstation to point at the non-Checkpoint device. Each link does have a different ISP. I have IPS/Anti-Bot/Antivirus and I use GeoPolicy. There have been no recent changes to the firewall. Access to began failing February 5.

traceroute to (, 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *


Do you actually permit ICMP and log it?

Please check the global properties first and if the ICMP and the Implied rules logging is not enabled there, create an explicit rule in your policy for this purpose.

0 Kudos

