This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ihenock101
Collaborator
‎2023-06-04 10:45 PM
Jump to solution

Checkpoint Satefull Inspection for reestablished tcp session

Hi All,

I have one question regarding checkpoint Satefull inspection feature. I have rule that allows Server A to be accessed from public, and in the firewall as I know there is only one rule needed for such traffic due to checkpoint Satefull inspection. My concern is if the TCP session by any means fails, is adding a rule from server A to any make this TCP session to reestablish by the server ?

Thanks,

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-06-05 01:55 AM
Jump to solution

If the TCP session fails, i would assume that the client needs to establish a new connection to the server - it usually does not make sense for a server to reach out for a client to re-establish a connection 😉 Also authentication would be an issue here.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
4 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-06-05 01:55 AM
Jump to solution

If the TCP session fails, i would assume that the client needs to establish a new connection to the server - it usually does not make sense for a server to reach out for a client to re-establish a connection 😉 Also authentication would be an issue here.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
_Val_
Admin
Admin
‎2023-06-05 03:00 AM
Jump to solution

What is the expected behavior, what are you trying to achieve? 

0 Kudos
ihenock101
Collaborator
‎2023-06-05 10:10 PM
In response to _Val_
Jump to solution

The thing is the server access from public failed in the middle of no where. so, I taught whenever the tcp session failed writing a rule in the reverse direction  (i.e from server to any) may allow the server to reestablish the tcp session

0 Kudos
PhoneBoy
Admin
Admin
‎2023-06-06 12:44 PM
In response to ihenock101
Jump to solution

A reverse rule won't solve this issue as you will get a TCP packet out of state message: https://support.checkpoint.com/results/sk/sk31382
Or something like "First Packet isn't SYN" from: https://support.checkpoint.com/results/sk/sk11088 
You can disable these checks for specific flows by using the procedure in sk11088.
This is generally not recommended for security reasons, though.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events