This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
vladdar
Participant
‎2022-02-01 02:08 AM

1800 SMB set source ip for connections originating from cluster

Hello all,

I am trying to figure out how the connections are originated from checkpoint SMBs.

I have a scenario. I am using RADIUS authentication for RA VPN and the radius packets towards customer LAN (where the radius server is) are sourced from the SYNC subnet (subnet that is used for cluster sync). Usually, the customer LAN would be directly connected and source IP would be from this subnet, but in my case cust. subnet 10.3.0.0/24 is routed over another p2p subnet because we are in migration phase. As a result my connection is sourced from IP of the wrong interface (LAN2/SYNC).

How can I change the source IP of the radius auth requests? Source NAT does not work (I am using strict  fw rules and automatic hide NAT is off). Boxes are locally managed.

 

10:17:56.073707 IP my.firewall.58523 > 10.3.0.96.radius: RADIUS, Access-Request (1), id: 0xde length: 56
10:18:01.075881 IP my.firewall.58523 > 10.3.0.96.radius: RADIUS, Access-Request (1), id: 0xde length: 56
10:18:06.077731 IP my.firewall.58523 > 10.3.0.96.radius: RADIUS, Access-Request (1), id: 0xde length: 56

 

# ping my.firewall
PING my.firewall (10.231.149.1): 56 data bytes
64 bytes from 10.231.149.1: seq=0 ttl=64 time=0.062 ms
64 bytes from 10.231.149.1: seq=1 ttl=64 time=0.057 ms

 

Thanks.

0 Kudos
6 Replies
_Val_
Admin
Admin
‎2022-02-01 03:09 AM

Let's cover basics first. Version, locally or centrally managed?

0 Kudos
vladdar
Participant
‎2022-02-01 03:43 AM
In response to _Val_

The current firmware version is R80.20.35 (992002577)

locally managed

0 Kudos
_Val_
Admin
Admin
‎2022-02-01 04:03 AM
In response to vladdar

Thank you. So what is the problem, RADIUS does not recognise those different IPs? Or something else?

0 Kudos
vladdar
Participant
‎2022-02-01 04:06 AM
In response to _Val_

Problem is that it is inconvenient because of the administration overhead. Customer has to allow and route new subnet. Subnet which should be used just for the interconnection of the cluster members.

This does not make sense to source connections from those IPs.

0 Kudos
_Val_
Admin
Admin
‎2022-02-01 04:11 AM
In response to vladdar

Source IPs are based on interfaces used to communicate with the server. When and if you change the topology and eliminate the network in the middle, it should be back to normal.

0 Kudos
vladdar
Participant
‎2022-02-01 04:30 AM
In response to _Val_

Yes I am counting on that.. But this: "Source IPs are based on interfaces used to communicate with the server" is not true right know. p2p interface towards customer is LANBOND0.3 interface and that is where the route towards server points and i would assume this would be the source of the connection but actually the source is SYNC interconnection interface between cluster members which is very weird. But if it cannot be change of course workaround is possible, it's just inconvenient.

 

Thanks Val.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events