BigHec
SMB showing "Rule 0" that blocking the incoming traffic

Hi All,

Currently I am doing a test that includes 3 CP FWs. The CP FWs at both ends will set up a site-to-site VPN tunnel. An SMB will be sitting in front of the R75.40, acting as a NAT device for the R75.40. Have a look below for the setup reference.

Host(172.17.17.100)--------(172.17.17.1)R80.40(192.168.237.188) <=======Internet==========>(192.168.237.230) SMB(165.10.10.2) <=====>(165.10.10.1) R75.40(10.10.10.1)---------(10.10.10.10)Host

The IPs mentioned above are the external and internal IPs of the device interfaces.

Now, after setting up the site-to-site VPN tunnel, I can see that phase 1 and phase 2 on both ends are up and working fine. When I try to ping from the left side to the right side or vice versa, it's not working; they are unpingable.

When I ping from the right side to the left side and do a tcpdump on the internal interface of the SMB, I am able to see the ESP packets from 165.10.10.1 to 192.168.237.188 entering the internal interface of the SMB [165.10.10.2].

But when I tcpdump the external interface of the SMB [192.168.237.230], I am able to see ESP traffic from 192.168.237.230 to 192.168.237.188 and from 192.168.237.188 to 192.168.237.230 going back and forth on the external interface of the SMB. This means that the traffic did go out to the right side and a reply came back to the SMB.

But when I tcpdump the internal interface of the SMB, there are no reply packets from 192.168.237.188, meaning that the packets get only as far as the external interface of the SMB.

I checked the logs of the SMB, and they show this:

[Attached screenshot: Screenshot 2024-03-26 145749.png]

Does anyone have any idea what this rule 0 is, and why it is blocking this connection? This SMB should just act as a NAT device and pass the connection packets back to the right side.

I disabled all the features of the SMB and added a static NAT rule: original source 192.168.237.188, original destination 192.168.237.230, translated destination 165.10.10.1.

Thank you

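The tcpdump observations in the post (outbound ESP seen on both interfaces of the SMB, replies seen only on the external one) can be checked mechanically rather than by eye. The script below is an added example, not code from the post or from Check Point: it parses `tcpdump -n` output captured on the NAT device's internal and external interfaces, counts ESP packets per direction using the addresses from the diagram, and names the first point at which the flow stops. It assumes a static 1:1 NAT between 165.10.10.1 and 192.168.237.230, and the capture lines in SAMPLE_INTERNAL and SAMPLE_EXTERNAL are constructed for the example. One caveat a practitioner would keep in mind: ESP carries no port numbers, so a NAT device can only forward it with a 1:1 mapping (or the peers must negotiate NAT-T over UDP 4500), and a transparent NAT never rewrites the ESP SPI; the SPI check in the script flags the case where the device is using its own security association instead of forwarding the inside gateway's packets.

```python
"""Locate where an ESP flow breaks when a NAT device sits in front of a VPN gateway.

Added example for the thread above, not Check Point code. It reads `tcpdump -n`
output captured on the NAT device's internal and external interfaces, counts ESP
packets per direction, and names the first hop at which the flow stops. The
capture lines in SAMPLE_* are constructed for this example using the addresses
from the post's diagram; the line format is what `tcpdump -n` prints for ESP.
"""
import re
from collections import Counter

# Addresses from the post's diagram. Assumption: static 1:1 NAT INSIDE_GW <-> NAT_PUBLIC.
INSIDE_GW = "165.10.10.1"        # R75.40 external interface, behind the SMB
NAT_PUBLIC = "192.168.237.230"   # SMB external interface
REMOTE_GW = "192.168.237.188"    # R80.40 external interface (far-end VPN peer)

# e.g. "14:57:49.100000 IP 165.10.10.1 > 192.168.237.188: ESP(spi=0xc0ffee01,seq=0x1), length 132"
ESP_LINE = re.compile(
    r"^\S+\s+IP\s+(?P<src>[\d.]+)\s+>\s+(?P<dst>[\d.]+):\s+"
    r"ESP\(spi=0x(?P<spi>[0-9a-f]+),\s*seq=0x(?P<seq>[0-9a-f]+)\)",
    re.IGNORECASE,
)


def parse_esp(lines):
    """Return (src, dst, spi) for each ESP line; non-ESP lines (ARP, ICMP, IKE) are skipped."""
    out = []
    for line in lines:
        m = ESP_LINE.match(line.strip())
        if m:
            out.append((m["src"], m["dst"], int(m["spi"], 16)))
    return out


def diagnose(internal_lines, external_lines,
             inside_gw=INSIDE_GW, nat_public=NAT_PUBLIC, remote_gw=REMOTE_GW):
    """Count ESP per direction on both interfaces and name the first point where it stops."""
    c = Counter()
    spi_internal_out, spi_external_out = set(), set()
    for src, dst, spi in parse_esp(internal_lines):
        if (src, dst) == (inside_gw, remote_gw):      # inside gateway sending to the peer
            c["int_out"] += 1
            spi_internal_out.add(spi)
        elif (src, dst) == (remote_gw, inside_gw):    # replies that made it through the NAT
            c["int_in"] += 1
    for src, dst, spi in parse_esp(external_lines):
        if (src, dst) == (nat_public, remote_gw):     # translated outbound ESP
            c["ext_out"] += 1
            spi_external_out.add(spi)
        elif (src, dst) == (remote_gw, nat_public):   # replies arriving from the peer
            c["ext_in"] += 1

    # A pure NAT rewrites only the IP header, so the SPI must survive translation.
    # Different SPIs mean the device is using its own SA (e.g. terminating the tunnel itself).
    spi_mismatch = bool(spi_internal_out and spi_external_out
                        and spi_internal_out != spi_external_out)

    if c["int_out"] == 0:
        verdict = ("inside_gw_silent",
                   "no ESP from the inside gateway reached the NAT device's internal interface")
    elif c["ext_out"] == 0:
        verdict = ("nat_not_forwarding_out",
                   "outbound ESP arrives on the internal interface but never leaves the external one")
    elif c["ext_in"] == 0:
        verdict = ("no_reply_from_peer",
                   "translated ESP leaves the external interface, but the peer never answers")
    elif c["int_in"] == 0:
        verdict = ("nat_dropping_inbound",
                   "peer replies reach the external interface but are not forwarded inward; "
                   "the NAT device itself drops them (inbound policy or implied rule, "
                   "anti-spoofing, or no reverse translation)")
    else:
        verdict = ("ok", "ESP flows in both directions through the NAT device")
    return {"counts": dict(c), "spi_mismatch": spi_mismatch,
            "verdict": verdict[0], "detail": verdict[1]}


# Constructed captures mirroring the post: the internal side sees only outbound ESP,
# the external side sees both directions.
SAMPLE_INTERNAL = """\
14:57:48.900000 ARP, Request who-has 165.10.10.2 tell 165.10.10.1, length 28
14:57:49.100000 IP 165.10.10.1 > 192.168.237.188: ESP(spi=0xc0ffee01,seq=0x1), length 132
14:57:50.100000 IP 165.10.10.1 > 192.168.237.188: ESP(spi=0xc0ffee01,seq=0x2), length 132
""".splitlines()

SAMPLE_EXTERNAL = """\
14:57:49.100500 IP 192.168.237.230 > 192.168.237.188: ESP(spi=0xc0ffee01,seq=0x1), length 132
14:57:49.120000 IP 192.168.237.188 > 192.168.237.230: ESP(spi=0xbeef0002,seq=0x1), length 132
14:57:50.100500 IP 192.168.237.230 > 192.168.237.188: ESP(spi=0xc0ffee01,seq=0x2), length 132
14:57:50.120000 IP 192.168.237.188 > 192.168.237.230: ESP(spi=0xbeef0002,seq=0x2), length 132
""".splitlines()

if __name__ == "__main__":
    result = diagnose(SAMPLE_INTERNAL, SAMPLE_EXTERNAL)
    print(result["counts"], result["verdict"], "spi_mismatch=%s" % result["spi_mismatch"])
    print(result["detail"])
```

To use it against a real capture, run `tcpdump -n -i <internal-if> esp` and `tcpdump -n -i <external-if> esp` on the NAT device, save each to a file, and pass the two files' lines to `diagnose()`. The verdict only says where the packets stop; which rule on the device drops them still has to come from its logs, as the thread discusses.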
2 Replies
G_W_Albrecht
See here: https://community.checkpoint.com/t5/SMB-Gateways-Spark/All-incoming-traffic-on-Spark-1800-blocked-by...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Chris_Atkinson
Which version is the SMB appliance running, and does it have the VPN blade enabled or disabled there?

Rule 0 could represent possible anti-spoofing or other issues that may require debugs to uncover.

@G_W_Albrecht has also linked to a previous thread discussing some further possibilities.

CCSM R77/R80/ELITE