Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
I've set up the branch site firewall (1450 | R77.20.87 | 990173120 | 990173120) to allow access to its public IP ("x.y.z.a:4434") from the HQ network (m.n.o.p/29). So, access to the branch site firewall over the internet from specific public IPs. This setting works without any issue until a VPN tunnel is established between these two firewalls. After the tunnel is established, I lose admin access to the branch firewall's public IP from the HQ network. HQ firewall is 1570 | R81.10.07 | 996001457. Few notes:
- Encryption domains on both sides do not contain their public IPs or any public IPs
- When I look at the log on the branch site, I can see the VPN blade is blocking the local_WebUI service from HQ's server IP. Screenshot attached.
The SK I linked tells you what file to edit (crypt.def) as well as exactly what edits to make.
Line numbers are dependent on release as well as other changes you may have made.
Note these manual changes will have to be re-applied if you upgrade your firmware.
However, before you do that, you may want to see if this setting is available in R77.20.87 (which will do the same thing):
I used the webUI advanced settings as it was available. I changed the value to true on both sides. But it didn't help. Ran fw_configload as well as rebooted the branch site fw.
Generated a tcp dump on the HQ fw.
Command used: tcpdump -i any -nn -vvv -s0 -w /opt/fw1/tmp/email_tmp/tcp_dump.pcap host <HQ public IP> or host <Branch public IP> and port 4434
