marcherren
Participant

Quantum Spark implied rules blocking ESX (tcp/902)

Hi

I've got problems doing ESX backup (using Synology Active Backup for Business) due to port tcp/902 being blocked between my Synology and my ESX server. It seems that an implied rule is causing this. Can I somehow control this?



Screenshot 2022-02-22 at 16.34.47.png

 

FW : R80.20.35 (992002613)

0 Kudos
9 Replies
K_montalvo
Advisor

Hello buddy!

Create an access rule to allow the communication between those two devices with:

source 10.10.10.4 and Destination 10.10.80.10
Service TCP_902

If your device is Locally Managed:

https://sc1.checkpoint.com/documents/SMB_R80.20.35/AdminGuides/Locally_Managed/EN/Topics/Quantum-Spa...

 

If your device is Centrally Managed:

https://sc1.checkpoint.com/documents/SMB_R80.20.35/AdminGuides/Centrally_Managed/EN/Default.htm

 

If you prefer to call CP Support, they have an option for an SMB specialist who can also assist you. Let me know if you need further help.

0 Kudos

Trying that is good - I only fear that rule 0 will drop the packet first.

CCSE CCTE CCSM SMB Specialist
marcherren
Participant

Yes, I did this, and also disabled (just to be sure) all blades other than FW, without any success.

Implied rules are always handled first (to my knowledge).

0 Kudos
Amir_Ayalon
Employee

Hi

Implied rules are meant to allow traffic, not to block it, so this is not the expected behavior.

Perhaps it's a blocked device?

 

0 Kudos

Strange - I assume that this is internal traffic and "Stateful Inspection - Perform deep packet inspection on LAN to LAN traffic" is still off? I would suggest contacting TAC...

CCSE CCTE CCSM SMB Specialist
marcherren
Participant

As I've got Collaborative Support (it's my private firewall at home), I would need to pay for every minute my local vendor investigates/coordinates this 🙂 Is there a way to send a bug report (I would like to know why an implied rule would block tcp/902) so that CP at least notices this problem? Or should I just hope that someone @Checkpoint will notice this through this forum? 🤔

0 Kudos

As you have bought Collaborative Support, your CCSP should be caring for your issues!

This is about 20$ saved per year compared to Direct Support enabling you to get immediate help using chat.

CCSE CCTE CCSM SMB Specialist
0 Kudos
marcherren
Participant

Nothing to discuss here. This is the business model of my partner of choice (for various other reasons).

I was just hoping to report (in my opinion) a bug to Check Point somehow so they can improve their product.

 

0 Kudos

That is your choice - if I buy support, I will get support, why should I burn money? Did you try to put both devices into the same subnet?

CCSE CCTE CCSM SMB Specialist
0 Kudos