This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
BikeMan
Contributor
‎2024-01-17 08:42 AM

Updatable Objects

Hello team ;-),

 

Writing today because I have an issue related to Updtabale object in Quantum Sparck appliance.

Model is 1550

Running R81 (996000575)

Remotely manage by MDM R81.10.

I could reduce policy in 2 Sections:

1. Allowing access to/from the global entreprise network without NAT or anything (appliance is connected behind SDWAN devices). (let's say 192.168.1.0/24 to/from 192.168.2.0/24)

2. Allowing access to UO: Zscaler Services and for sure NAT with external ip.

I had some complaints from some users that sometimes servers raise a "disconnected" status.

Looking at the logs in the Dashboard, What I see is unbelievable (not the real ip in the post...):

Src: 192.168.1.2 (this is an internal host)

Dst: 192.168.2.2 (this is an ip remotely connected with SDWAN) AND the UO:"Zscaler Services".

And so the src is natted and for sure connection is not possible. Dst should be only 192.168.2.2 and NO NAT.

I have checked the .C file for Zscaler and for sure 192.198.2.2 is not in it.

 

Any clue ?

 

Thanks,

 

0 Kudos
5 Replies
the_rock
Legend
Legend
‎2024-01-17 09:44 AM

Im slightly confused, so just want to make sure Im getting this...are you saying src is natted and that part is fine, but also dst shows nat, but should NOT be?

Best,

Andy

0 Kudos
BikeMan
Contributor
‎2024-01-18 12:23 AM
In response to the_rock

I should reach 192.168.2.2 from 192.168.1.2. Policy is allowing this traffic. From / to these network no nat is required. It is part of the global entreprise network.

Sometimes, when I reach 192.168.2.2, in the Dst section of the logs I have: "192.168.2.2" AND "Zscaler services". As if 192.168.2.2 was part of "Zscaler Services" object while it is not. Traffic is using external interface and is NATted while it should use another routing interface without NAT.

 

Rgds,

 

0 Kudos
the_rock
Legend
Legend
‎2024-01-18 04:46 AM
In response to BikeMan

I see what you mean, now I got it. Can you verify route is correct?

0 Kudos
BikeMan
Contributor
‎2024-01-22 06:41 AM
In response to the_rock

Routing is fine. Sometimes it is working, sometimes not.

0 Kudos
the_rock
Legend
Legend
‎2024-01-22 06:43 AM
In response to BikeMan

Sounds like you may need remote with TAC to check this further, hard to say for sure why thats happenind, sorry.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events