This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
checkblast
Participant
‎2022-01-09 10:36 PM

[Quantum Spark - Invalid Segment Retransmission. Packet Dropped]

Hi guys,

 

I am getting some issues when working over a third party remote VPN connection through a Quantum Spark.

The Quantum Spark is configured in Bridge mode with all security services activated.

The third party VPN client establishes correctly and we are able to ping the remote servers.

As the RDP session is launched the VPN session is disconnected.

Attached is the error message seen in the logs.

 

Regards,

Preview file
60 KB
0 Kudos
6 Replies
_Val_
Admin
Admin
‎2022-01-09 11:55 PM

Are you sure this is the only log from that time of failed tunnel? It does not seem to be relevant to either RDP or VPN 

0 Kudos
checkblast
Participant
‎2022-01-11 01:10 PM
In response to _Val_

Hi.

The 3rd party VPN client is DrayTek Smart VPN which is used to connect to a remote gateway over the Internet through the Quantum Spark. As per tests conducted the problem is observed when the Fast SSL option is activated on the VPN client.

When the Fast SSL option is activated on the client, the VPN session is established and ping to remote servers work fine. When initiating RDP sessions, the VPN session is disconnected.

When the Fast SSL option is disabled on the client, the VPN session is established and ping to remote servers work fine. RDP sessions also work seamlessly..

As per logs, a packet drop is noticed when initiating the sessions with the Fast SSL option activated.

See attachment.

Regards,

Preview file
205 KB
0 Kudos
the_rock
Legend
Legend
‎2022-01-11 01:48 PM
In response to checkblast

I could be wrong when I say this, but based on screenshot you attached, it would appear its potentially IPS issue, though it gives attack name, but there is no confidence level.

Andy

0 Kudos
_Val_
Admin
Admin
‎2022-01-12 12:50 AM
In response to checkblast

Please open a TAC case for this

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-01-12 01:25 AM
In response to checkblast

Why not disable Fast SSL option ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2022-01-13 07:31 PM

I'm not able to determine what "Fast SSL" means from the DrayTek documentation, but I did see that this setting is now disabled by default in the later 2019 releases.  I'd guess perhaps it shortens the TCP retransmit timers so that it is more more "impatient", particularly when negotiating the initial HTTPS connection for the VPN.  It is possible that it isn't getting a fast enough response for its impatience and is retransmitting before it is supposed to based on RTT, and running afoul of the Inspection Setting "Invalid TCP Retransmission".  This enforcement will basically stall the HTTPS/443 connection in this case and result in the disconnection of the VPN.  

Try changing the Inspection Setting "Invalid TCP Retransmission" from Drop to Accept on the firewall and see if Fast SSL still works.  I'd really not advise leaving this protection in the Accept state though, and believe that disabling Fast SSL would be a better solution as clearly whatever that feature is doing is not RFC compliant.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events