This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
David_Chau
Contributor
‎2020-08-05 11:36 AM

Can changing port speed on a switch cause issues with VPN connectivity?

We discovered mismatch port speed on an upstream switch port connected to the inside interface of the IPS.  Fixed that and the network latency for VPN users resolved but now we are discovering a handful of users are having connectivity problems.  They get connected with their endpoint client and get disconnected within seconds.  These users are assigned static IPs via ipassignment.conf.  After removing them from this file, they are able to connect.  We also applied JHF 214 a few days ago, we were running 111.  This is for R80.30 running on VSX.

Trying to find root cause and we are not sure if this had something to do with the port speed change or possibly the JHF that was applied since those are the only two changes made  when this problem occurred.  Any ideas?

Additional details - we are seeing more tunnel test drops after the JHF update.  I'm beginning to think this JHF might be the cause.  Any known issues with JHF 214 from anyone that has applied it recently?

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2020-08-07 12:28 PM

You're going to have all kinds of issues if there is disagreement on connection speed.
However, the issues you're describing now seem to be related to the JHF, thus a TAC case is probably a good idea.

0 Kudos
David_Chau
Contributor
‎2020-08-07 12:41 PM
In response to PhoneBoy

TAC advised us to disable dynamic NAT port allocation and clear the connections and NAT table which seem to have resolved the issue so far.  A kernel level debug was also ran to determine root cause.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top