Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ihenock101
Collaborator
Jump to solution

Checkpoint Satefull Inspection for reestablished tcp session

Hi All,

I have one question regarding checkpoint Satefull inspection feature. I have rule that allows Server A to be accessed from public, and in the firewall as I know there is only one rule needed for such traffic due to checkpoint Satefull inspection. My concern is if the TCP session by any means fails, is adding a rule from server A to any make this TCP session to reestablish by the server ?

Thanks,

1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend

If the TCP session fails, i would assume that the client needs to establish a new connection to the server - it usually does not make sense for a server to reach out for a client to re-establish a connection 😉 Also authentication would be an issue here.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

4 Replies
G_W_Albrecht
Legend Legend
Legend

If the TCP session fails, i would assume that the client needs to establish a new connection to the server - it usually does not make sense for a server to reach out for a client to re-establish a connection 😉 Also authentication would be an issue here.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
_Val_
Admin
Admin

What is the expected behavior, what are you trying to achieve? 

ihenock101
Collaborator

The thing is the server access from public failed in the middle of no where. so, I taught whenever the tcp session failed writing a rule in the reverse direction  (i.e from server to any) may allow the server to reestablish the tcp session

PhoneBoy
Admin
Admin

A reverse rule won't solve this issue as you will get a TCP packet out of state message: https://support.checkpoint.com/results/sk/sk31382
Or something like "First Packet isn't SYN" from: https://support.checkpoint.com/results/sk/sk11088 
You can disable these checks for specific flows by using the procedure in sk11088.
This is generally not recommended for security reasons, though.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events