
CP R80.10 All latest updates. Routing anomaly

I have a user that is trying to access a specific website. If I run an nslookup on the website I get the IP for that host. If I try to run a traceroute to that host it goes nowhere, and I mean nowhere. Even better, the CP logs do not log the event. If I try it from our backup link with a non-CP device, it routes to the host without issue. What can I do to determine why this specific site is being blocked? I have tried adding specific exemptions and rules to allow the traffic, but to no avail.

3 Replies

Re: CP R80.10 All latest updates. Routing anomaly

Hi Tony,

The first step is to understand the path the packets take.

- Why doesn't the traceroute to the destination website show anything?

- What's the default gateway of the user's machine? The Check Point firewall?

- Does fw ctl zdebug drop show any drops?

- Which blades do you have enabled in this environment?

- How do you switch the user's traffic to the alternative non-Check Point link?

Alisson Lima

0 Kudos

Re: CP R80.10 All latest updates. Routing anomaly

The site we are dealing with is lotustalk.com. Traceroute to, say, google.com on the same workstation works fine. The default gateway is a Check Point 3200. To switch to the alternative link for tests I simply change the default gateway of the workstation to point at the non-Check Point device. Each link does have a different ISP. I have IPS/Anti-Bot/Antivirus and I use GeoPolicy. There have been no recent changes to the firewall. Access to lotustalk.com began failing February 5.

traceroute to lotustalk.com (35.241.38.148), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
etc...

Vladimir
Pearl

Re: CP R80.10 All latest updates. Routing anomaly

Do you actually permit ICMP and log it?

Please check the global properties first and if the ICMP and the Implied rules logging is not enabled there, create an explicit rule in your policy for this purpose.

0 Kudos