Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hi All,
I would like to confirm that follow traffic is the same TCP session.
The traffic is dropped because the connection table is not synced (Blades 1 to 6) SYN-ACK packet received on member Id 2-4
the first traffic Accepted on PRT-VS1-TRUST-EXT as below;
Src: nsh-sci-02 (10.100.229.52) s_port: 65253 dst: 10.136.96.24 d_port:20001 -25 Jan 25, 3:53:29 a.m.
the traffic Accepted next FW PRT-VS2-TRUST-InT-IAAS as below;
Src: nsh-sci-02 (10.100.229.52) s_port: 65253 dst: 10.136.96.24 d_port:20001 on Member Id: 2_ 2 -25 Jan 25, 3:53:29 a.m.
then traffic dropped on PRT-VS2-TRUST-InT-IAAS, Member Id 2_4 was dropped packet at 25 Jan 25, 3:56:42 a.m.
due to 3 minutes time differece Accect(25 Jan 25, 3:53:29 a.m.) and drop(25 Jan 25, 3:56:42 a.m.), someone advised that it might not be the same TCP session.
Are there any ways to confirm that this is the same TCP connection establishment travering different firewalls ?
I suggest you enable "Per Session" on relevant rule.
This will create a session log for every session and you can see all relevant connection logs related by either:
a. Selecting the session log in logs view and select "Connections" in the lower pane.
b. By clicking on the session button on the connection log itself:
