Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sergey_Anikeev
Contributor

SMB bridge problem

Hi Colleagues.
Help to understand what could be the problem?

So there is a device SMB 1100
Version: R77.20.80 (990172392)

The device is controlled centrally with SMS R81 GAIA.

On the device configured Bridge for two interfaces
LAN8 and DMZ.

LAN8 -> Windows PC
DMZ -> INT LAN GW R81 GAIA -> Internet.

Traffic walks perfectly through this Bridge, but does not work Application @ Url Filtering and HTTPS inspection.
There are no entries in logs on these two blades.

0 Kudos
9 Replies
Chris_Atkinson
Employee Employee
Employee

Per sk111756 / sk102296 how are the following advanced settings currently configured?

DPI.png

Note 1100 & R77.20.80 will be End of Support in Jun-2022 and you should consider upgrading for relevant feature enhancements such as sk123035 amongst others.

 

CCSM R77/R80/ELITE
0 Kudos
Sergey_Anikeev
Contributor

For sk102296
I turned on for dpi_lan_lan and dpi_lan_dmz
True

(the problem is not solved)

 

For sk111756
I did not find parameter Allow LAN-LAN DPI.

1.JPG

0 Kudos
G_W_Albrecht
Legend Legend
Legend

The sk102296 is for centrally managed SMBs like you have - Additional Settings from sk111756 do not apply here, only for locally managed SMBs! Did you do a policy install and are the new values viewable in DBedit ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Sergey_Anikeev
Contributor

Yes.

2.JPG

0 Kudos
G_W_Albrecht
Legend Legend
Legend

I would suggest to contact TAC - this did work in newer firmware versions as expected ! But i do not see why you are not using the WAN IF...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Sergey_Anikeev
Contributor

OK, thanks, I will try to make SR in TAC.

WAN is used to connect SMB to SMS.

And Bridge is needed to connect users to another gateway with internet access and VPN (not Check Point).

Unfortunately, the scheme is not yet able to change.

G_W_Albrecht
Legend Legend
Legend

WAN is used to connect SMB to SMS. Sorry, but 🤣...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Sergey_Anikeev
Contributor

🤷‍

SMS is in another region.

SMB is located in the branch office.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

I thought that WAN is connected to an ISP not directly to the SMS 😎 That should work, so TAC is my only hope !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events