This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sergey_Anikeev
Contributor
‎2022-04-04 12:28 PM

SMB bridge problem

Hi Colleagues.
Help to understand what could be the problem?

So there is a device SMB 1100
Version: R77.20.80 (990172392)

The device is controlled centrally with SMS R81 GAIA.

On the device configured Bridge for two interfaces
LAN8 and DMZ.

LAN8 -> Windows PC
DMZ -> INT LAN GW R81 GAIA -> Internet.

Traffic walks perfectly through this Bridge, but does not work Application @ Url Filtering and HTTPS inspection.
There are no entries in logs on these two blades.

0 Kudos
9 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-04-04 05:35 PM

Per sk111756 / sk102296 how are the following advanced settings currently configured?

DPI.png

Note 1100 & R77.20.80 will be End of Support in Jun-2022 and you should consider upgrading for relevant feature enhancements such as sk123035 amongst others.

 

CCSM R77/R80/ELITE
0 Kudos
Sergey_Anikeev
Contributor
‎2022-04-04 11:35 PM
In response to Chris_Atkinson

For sk102296
I turned on for dpi_lan_lan and dpi_lan_dmz
True

(the problem is not solved)

 

For sk111756
I did not find parameter Allow LAN-LAN DPI.

1.JPG

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-04-05 12:04 AM
In response to Sergey_Anikeev

The sk102296 is for centrally managed SMBs like you have - Additional Settings from sk111756 do not apply here, only for locally managed SMBs! Did you do a policy install and are the new values viewable in DBedit ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-04-05 12:28 AM
In response to Sergey_Anikeev

I would suggest to contact TAC - this did work in newer firmware versions as expected ! But i do not see why you are not using the WAN IF...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Sergey_Anikeev
Contributor
‎2022-04-05 01:23 AM
In response to G_W_Albrecht

OK, thanks, I will try to make SR in TAC.

WAN is used to connect SMB to SMS.

And Bridge is needed to connect users to another gateway with internet access and VPN (not Check Point).

Unfortunately, the scheme is not yet able to change.

G_W_Albrecht
Legend Legend
Legend
‎2022-04-05 01:39 AM
In response to Sergey_Anikeev

WAN is used to connect SMB to SMS. Sorry, but 🤣...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Sergey_Anikeev
Contributor
‎2022-04-05 01:51 AM
In response to G_W_Albrecht

🤷‍

SMS is in another region.

SMB is located in the branch office.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-04-05 02:48 AM
In response to Sergey_Anikeev

I thought that WAN is connected to an ISP not directly to the SMS 8) That should work, so TAC is my only hope !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top