Hi All -
What is the best way of setting up the firewall rules/controls for a management server (6000) to manage external gateways, when that management server is sitting behind a gateway managed by a different management server (410)?
I have tried to allow any service to/from the 6000 to/from the remote gateway, and the 410 is showing allows for the traffic in the logs. However, in the logs on the 6000, I'm seeing drops due to "First packet isn't SYN".
Any suggestions? I have not opened a ticket yet but thought I would go this route first, in case I was missing something little.
Attached a simple diagram in case I didn't describe it properly.
Thanks in advance.
Sam
Just to make sure I understand this right, based on your diagram, you want the Smart-1 6100 to be able to manage the fw labeled "remote fw", right? But the 6100 mgmt server sits behind the fw cluster that's managed by the 410 server, correct?
If what I said is right, can you do a capture on the fw cluster and see what's happening with the traffic? "First packet isn't SYN" can mean asymmetric routing, i.e. that it might not be part of an existing connection... maybe try turning off SecureXL on the fw just to be sure that's not causing the problem. I would definitely run fw monitor on the fw side to confirm why this is happening.
Andy
Yes.. you understood me correctly Andy.
Thanks for the suggestions. I will let you know.
In which logs of the 6000 SMS are you seeing drops due to "First packet isn't SYN"? It shows up in GW logs, that much I know.
The drops show in both the logs and the zdebug command.
When I did a fw monitor on the gateway, it seems to be trying to communicate with the internal IP of the mgmt appliance instead of the public/NAT'd IP.
I remember working a ticket once where we manually edited a conf file on the gateway to point it at a different IP. Does anyone know which file that is?
When I first joined this gateway to the mgmt appliance it was on the internal network of the management appliance. The gateway seems to only know this internal IP and not the external one. SIC communicates just fine and I have also re-established it. I have even removed the gateway from the 6000 and re-added it. The gateway is still using the internal IP address to try to get policy from.
Suggestions?
$FWDIR/conf/masters.
But see: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
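As an added example for the situation described in this thread (not code from Check Point and not from any of the posts above), the script below shows one way to check, on a gateway, whether the name(s) listed in $FWDIR/conf/masters resolve to the address the gateway must actually reach. It assumes the masters file lists one management name per line under [Policy]/[Log]/[Alert] section headers and that the gateway resolves those names through an /etc/hosts-style file; both files are replaced here by constructed samples so it runs anywhere, and the name smart1-6000 and the addresses 10.10.10.5 and 203.0.113.10 are made up. Verify the file format and resolution path against the referenced SK on your own gateway before relying on it.

```shell
#!/bin/sh
# Added example, not Check Point's code. Assumes $FWDIR/conf/masters uses
# [Policy]/[Log]/[Alert] sections with one management name per line, and that
# names resolve via /etc/hosts (assumption: confirm on your gateway).
# Both inputs are constructed samples; override MASTERS_FILE/HOSTS_FILE to
# point at the real files.

MASTERS_FILE=${MASTERS_FILE:-$(mktemp)}
HOSTS_FILE=${HOSTS_FILE:-$(mktemp)}

# Constructed sample masters file: the gateway still knows the management
# server by name only.
cat >"$MASTERS_FILE" <<'EOF'
[Policy]
smart1-6000
[Log]
smart1-6000
[Alert]
smart1-6000
EOF

# Constructed sample hosts file: the name is still mapped to the management
# server's internal address, which is the failure mode described in the thread.
cat >"$HOSTS_FILE" <<'EOF'
127.0.0.1   localhost
10.10.10.5  smart1-6000
EOF

# Print each unique management name from a masters file, skipping
# [section] headers, comments and blank lines.
masters_hosts() {
    awk '/^[ \t]*\[/ {next} /^[ \t]*#/ {next} NF {print $1}' "$1" | sort -u
}

# Resolve a name through an /etc/hosts-style file; print the address,
# or nothing if the name is absent.
resolve_host() {
    awk -v name="$2" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }' "$1"
}

# check_masters MASTERS HOSTS EXPECTED_IP
# Returns 0 when every master resolves to EXPECTED_IP (the public/NAT'd
# address a remote gateway must reach), 1 when any name resolves elsewhere
# or not at all.
check_masters() {
    masters=$1; hosts=$2; expected=$3; rc=0
    for name in $(masters_hosts "$masters"); do
        addr=$(resolve_host "$hosts" "$name")
        if [ "$addr" != "$expected" ]; then
            echo "MISMATCH: $name -> ${addr:-unresolved}, expected $expected"
            rc=1
        else
            echo "OK: $name -> $addr"
        fi
    done
    return $rc
}

# Usage: with the constructed samples this reports the mismatch, since the
# name still resolves to the internal 10.10.10.5 rather than 203.0.113.10.
check_masters "$MASTERS_FILE" "$HOSTS_FILE" 203.0.113.10 \
    || echo "gateway would try to fetch policy from the wrong address"
```

On a real gateway you would run this with MASTERS_FILE=$FWDIR/conf/masters and HOSTS_FILE=/etc/hosts and the public address of the management server as the third argument; a MISMATCH line points at the same symptom seen in the fw monitor output above, where the gateway addresses the management server by its internal IP.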