This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
BorisL
Collaborator
‎2023-10-24 12:15 AM

1500 problems with firmware R81.10.08_996001608

Since we updated this past week to R81.10.08_996001608, we were unable to connect to Checkpoint services. Our Harmony endpoints lost connection and we could not log in to portal.checkpoint.com. All other internet access seemed completely normal. Debugging web page access we saw that some checkpoint sites were reachable and others timed out. We thought it was the internet provider and performed all kinds of tests. Also, we were not able to connect to FW using watchtower. Opened a service request with Checkpoint and they told us "it is your internet provider, not our problem". 


We reverted the 1500 to 996000575. Problem solved. 

Our connection to internet is fiber PPoE with Telefonica. Only particular about this connection (bad but it has been there for a long time) is that first  ip address in traceroute, the fiber default router, is 192.168.x.x. I do not know if this is related to the problem or not. But definitely the firewall was blocking or not routing https responses.

FW has always worked and now works again with 996000575

Has anybody had problems with R81.10.08_996001608?

0 Kudos
36 Replies
Naama_Specktor
Employee
Employee
‎2023-11-01 04:22 AM

Hello @BorisL 

My Name is Naama Specktor and I am Checkpoint employee .

I will appreciate it , if you will share the SR TAC number , here or on PM.

 

Thanks,

Naama Specktor

0 Kudos
BorisL
Collaborator
‎2023-11-01 08:36 AM
In response to Naama_Specktor

Hi Naama,

The issue was disregarded by TAC as provider problem. As you can see from this thread, this is happening to others and clearly a consequence of the appliance update. Case 6-0003754349 

We do not have the time our resources to re-open TAC case and become CP testers. Sorry.

Best regards.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-11-01 06:46 PM
In response to BorisL

Hi Boris,

Could you please confirm the status of MSS clamping in your environment? e.g.

[Expert@Gateway-ID-XXXXXXXX]# fw ctl get int fw_clamp_tcp_mss

 

I'm aware of several customers using this firmware on PPPoE connections without issue.

 

 

CCSM R77/R80/ELITE
0 Kudos
BorisL
Collaborator
‎2023-11-01 11:36 PM
In response to Chris_Atkinson

Hi Chris.

In our unupgraded environment R80.10.00 Build 575, the value of fw_clamp_tcp_mss is 1 (we have not set it specifically).

Our PPPoE connection uses MTU=1500 VLAN=6

As said earlier, after upgrade behaviour seems normal except with some sites, including Check Point portal.

 

0 Kudos
BorisL
Collaborator
‎2023-11-16 08:48 AM
In response to Naama_Specktor

Hi.

Are there any news regarding the cases related to this issue?

best,

Boris

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-12-03 10:35 PM
In response to BorisL

For awareness there is a new build available, refer: sk181079 

30 November 2023: R81.10.08 Build 996001683 image has been released for 1500 / 1600 / 1800 appliances, replacing Build 996001608.

CCSM R77/R80/ELITE
BorisL
Collaborator
‎2023-12-03 11:11 PM
In response to Chris_Atkinson

Thanks Chris.

No mention in the "resolved Issues" of the problems reported in this thread, nor from other users who have reported them here. We will stay with 996000575 for now.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events