My client currently has Firewall A and Firewall B, which are connected via an IPsec VPN. However, when using Capsule VPN (Windows), whether the gateway is set to Firewall A or Firewall B, access to the internal network works. But with Endpoint Security VPN, unlike with Capsule VPN, access to the internal network of each firewall is not possible. Has anyone experienced a similar situation? When pinging, the packets don't even reach the firewall. It's not a policy issue.
Gateway & client version, is MEP configured?
Does this affect all users/clients or just your specific location, and what type of ISP link is used, e.g. IPv6 or CGNAT, etc.?
No, the current VPN community is mesh type, so it is not an MEP configuration, and it applies to all users connecting via Endpoint Security VPN regardless of location. The ISP is using CGNAT.
Just curious, does deleting and re-creating the site work? If not, then we would need to do captures to see if you even see any traffic on tunnel test port 18234.
Andy
See my lab example... IMPORTANT to point out: see how the last flag shows Oe, meaning outbound and encrypted.
Andy
```
[Expert@R82:0]# fw monitor -e "accept port(18234);"
PPAK 0: Get before set operation succeeded of fwmonitor_kiss_enable
PPAK 0: Get before set operation succeeded of fwmonitor_debug_filter_off
PPAK 0: Get before set operation succeeded of fwmonitorfreebufs
************************************************************** NOTE **************************************************************
*** Using "-e" filter will not monitor accelerated traffic. To monitor and filter accelerated traffic please use the "-F" filter ***
************************************************************************************************************************************
FW monitor will record only ip & transport layers in a packet
For capturing the whole packet please do -w
PPAK 0: Get before set operation succeeded of fwmonitor_ppak_all_position
monitor: getting filter (from command line)
monitor: compiling
monitorfilter:
Compiled OK.
monitor: loading
monitor: monitoring (control-C to stop)
PPAK 0: Get before set operation succeeded of fwmonitormaxpacket
PPAK 0: Get before set operation succeeded of fwmonitormask
PPAK 0: Get before set operation succeeded of fwmonitorallocbufs
PPAK 0: Get before set operation succeeded of printuuid
[vs_0][fw_1] eth0:i[40]: 172.17.10.1 -> 172.16.10.253 (UDP) len=40 id=1
UDP: 18534 -> 18234
[vs_0][fw_1] eth0:I[40]: 172.17.10.1 -> 172.16.10.253 (UDP) len=40 id=1
UDP: 18534 -> 18234
[vs_0][fw_1] eth0:o[40]: 172.16.10.253 -> 172.17.10.1 (UDP) len=40 id=1
UDP: 18234 -> 18534
[vs_0][fw_1] eth0:O[40]: 172.16.10.253 -> 172.17.10.1 (UDP) len=40 id=1
UDP: 18234 -> 18534
[vs_0][fw_1] eth0:Oe[40]: 172.16.10.253 -> 172.17.10.1 (UDP) len=40 id=1
UDP: 18234 -> 18534
[vs_0][fw_1] eth0:i[40]: 172.17.10.1 -> 172.16.10.253 (UDP) len=40 id=1
UDP: 18535 -> 18234
[vs_0][fw_1] eth0:I[40]: 172.17.10.1 -> 172.16.10.253 (UDP) len=40 id=1
UDP: 18535 -> 18234
[vs_0][fw_1] eth0:o[40]: 172.16.10.253 -> 172.17.10.1 (UDP) len=40 id=1
UDP: 18234 -> 18535
[vs_0][fw_1] eth0:O[40]: 172.16.10.253 -> 172.17.10.1 (UDP) len=40 id=1
UDP: 18234 -> 18535
[vs_0][fw_1] eth0:Oe[40]: 172.16.10.253 -> 172.17.10.1 (UDP) len=40 id=1
UDP: 18234 -> 18535
^C monitor: caught sig 2
monitor: unloading
PPAK 0: Get before set operation succeeded of fwmonitor_kiss_enable
PPAK 0: Get before set operation succeeded of fwmonitor_debug_filter_off
PPAK 0: Get before set operation succeeded of fwmonitorfreebufs
[Expert@R82:0]#
```
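Added example, not part of the original post and not Check Point tooling: a small Python parser for `fw monitor` text output in the layout shown above. It groups tunnel-test packets on port 18234 per client and reports whether the gateway's reply reached the `Oe` position. The function names, status strings and sample addresses are assumptions made for this illustration.

```python
import re
from collections import defaultdict

TUNNEL_TEST_PORT = 18234  # tunnel test port named in the thread
# Header line, e.g. "[vs_0][fw_1] eth0:Oe[40]: src -> dst (UDP) len=40 id=1"
HDR = re.compile(r"\[vs_\d+\]\[fw_\d+\]\s+\S+?:(?P<pos>[A-Za-z]+)\[\d+\]:\s+"
                 r"(?P<src>\S+) -> (?P<dst>\S+) \(UDP\)")
# Port line that follows it, e.g. "UDP: 18534 -> 18234"
PORTS = re.compile(r"UDP:\s+(?P<sport>\d+) -> (?P<dport>\d+)")

def parse(text):
    """Yield (pos, src, sport, dst, dport) for each two-line UDP record."""
    hdr = None
    for line in map(str.strip, text.splitlines()):
        if (m := HDR.match(line)):
            hdr = m
        elif hdr and (p := PORTS.match(line)):
            yield hdr["pos"], hdr["src"], int(p["sport"]), hdr["dst"], int(p["dport"])
            hdr = None

def tunnel_test_report(text, port=TUNNEL_TEST_PORT):
    """Map each client (ip, port) to a status from the inspection points seen."""
    flows = defaultdict(lambda: {"probe": set(), "reply": set()})
    for pos, src, sport, dst, dport in parse(text):
        if dport == port:                       # client -> gateway probe
            flows[(src, sport)]["probe"].add(pos)
        elif sport == port:                     # gateway -> client reply
            flows[(dst, dport)]["reply"].add(pos)
    report = {}
    for client, seen in flows.items():
        if not seen["reply"]:
            report[client] = "no-reply"             # probe seen, nothing sent back
        elif "Oe" not in seen["reply"]:
            report[client] = "reply-not-encrypted"  # reply never reached Oe
        else:
            report[client] = "ok"                   # reply left outbound, encrypted
    return report

def _rec(pos, src, sport, dst, dport):
    """Build one constructed record in the capture's two-line layout."""
    return (f"[vs_0][fw_1] eth0:{pos}[40]: {src} -> {dst} (UDP) len=40 id=1\n"
            f"UDP: {sport} -> {dport}\n")
# Constructed sample using documentation addresses; not from a real gateway.
GW, A, B, C = "198.51.100.1", "192.0.2.10", "192.0.2.20", "192.0.2.30"
SAMPLE = "".join(
    [_rec(p, A, 18534, GW, 18234) for p in ("i", "I")]          # full exchange
    + [_rec(p, GW, 18234, A, 18534) for p in ("o", "O", "Oe")]
    + [_rec(p, B, 18600, GW, 18234) for p in ("i", "I")]        # probe only
    + [_rec(p, C, 18700, GW, 18234) for p in ("i", "I")]        # reply stops at O
    + [_rec(p, GW, 18234, C, 18700) for p in ("o", "O")])
```

An empty report means no tunnel-test packet appeared in the capture at all, which is the case to look for when, as in the original question, packets do not seem to reach the firewall.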