Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ivailo_Yanchev
Participant

remote access client IP address and port were changed -log flooded

Hi community,

recently our log is floated with this message, we receive like 20 per second, most of the time it is generated from the same VPN client.

We have not receive any report of connectivity problem, and our clients are not on mobile internet. We are using E80.40 GAIA with the latest Take 125

Can someone give is more information, what could be the reason for this?

Is it possible to suppress this log reports, so that our log is not flooded with it?

Best Regards.

{Time: Today, 09:25:24
Id: ac191402-e41e-7e0f-615e-bd04001*****
Id Generated By Indexer: true
First: true
Sequencenum: 100
Message: remote access client IP address and port were changed
User: epetkova
Old IP: 192.168.5.10
Old Port: 4500
New IP: 192.168.5.10
New Port: 4500
Mobile Access Session UID: 615E9222-0000-0000-AC19-1403D37*****
VPN Feature: Endpoint Connect
Type: Log
Policy Name: StandardGT
Policy Management: GTBGFW01
Db Tag: {B289A31F-77EB-B042-ABE5-AF5FB3EE7B2F}
Policy Date: Yesterday, 15:06:00
Blade: VPN
Origin: GW
Product Family: Access
Log Server Origin: GW (192.168.1.1)
Description: remote access client IP address and port were changed}

0 Kudos
9 Replies
_Val_
Admin
Admin

Please look into sk65331 and sk145895 (scenario 4)

0 Kudos
G_W_Albrecht
Legend
Legend

If this happens only for one special user, try uninstall and reinstall of (maybe newer) RA VPN client. The user is not disconnected after the message ?

CCSE CCTE CCSM SMB Specialist
0 Kudos
Ivailo_Yanchev
Participant

Hi,

No, all of our users are affected, just not all at the same time. Also, we updated to the newer version of CP mobile VPN client E85.30

Thank you.

0 Kudos
G_W_Albrecht
Legend
Legend

The user is not disconnected after the message, only logs are filing up ?

CCSE CCTE CCSM SMB Specialist
0 Kudos
Ivailo_Yanchev
Participant

Yes, only logs filling up. We asked some users with logs reported, and they said that everything is ok and connection is good.

0 Kudos
Gabriel_Rodrigu
Explorer
Explorer

Hi,

I'm having the same issue with a Firewall running R80.30 take 236, We have tested with the new RA client 85.40 but the issue still the same

 

0 Kudos
Ivailo_Yanchev
Participant

Hi,

Have you identified any service degradation. Is some of your user suffers any disconnects?

Also, We have started a case with checkpoint and are waiting for a patch.

0 Kudos
Gabriel_Rodrigu
Explorer
Explorer

HI,

 

The symptom is the same as yours, we have no degradation neither disconnections.

 

Regards

Gabriel Rodrigues

0 Kudos
Ivailo_Yanchev
Participant

We reseave a notification from checkpoint that the ongoing take 126 should fix this problem

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

PRJ-31029

But, most likely, we will wait for general availability before implementing the patch.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events