ihenock101
Collaborator

Checkpoint Stateful Inspection for reestablished TCP session

Hi All,

I have one question regarding the Checkpoint Stateful Inspection feature. I have a rule that allows Server A to be accessed from public, and in the firewall, as far as I know, only one rule is needed for such traffic due to Checkpoint Stateful Inspection. My concern is: if the TCP session fails by any means, would adding a rule from Server A to any allow this TCP session to be reestablished by the server?

Thanks,


Accepted Solutions
G_W_Albrecht
Legend

If the TCP session fails, I would assume that the client needs to establish a new connection to the server - it usually does not make sense for a server to reach out to a client to re-establish a connection 😉 Also, authentication would be an issue here.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

_Val_
Admin

What is the expected behavior, what are you trying to achieve? 

ihenock101
Collaborator

The thing is, the server access from public failed in the middle of nowhere. So I thought that whenever the TCP session failed, writing a rule in the reverse direction (i.e., from server to any) might allow the server to reestablish the TCP session.

PhoneBoy
Admin

A reverse rule won't solve this issue as you will get a TCP packet out of state message: https://support.checkpoint.com/results/sk/sk31382
Or something like "First Packet isn't SYN" from: https://support.checkpoint.com/results/sk/sk11088 
You can disable these checks for specific flows by using the procedure in sk11088.
This is generally not recommended for security reasons, though.
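
The behaviour described in the reply above, as an added example that is not part of the original thread and is not Check Point code: a toy Python model of stateful TCP inspection showing why a server-to-any rule does not revive a session whose state entry is gone. The class and function names, the addresses and the `expire` helper are constructed for illustration.

```python
# Toy model of stateful TCP inspection (illustration only, not Check Point code).
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # e.g. frozenset({"SYN"})

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules   # list of (src, dst, dport); "any" is a wildcard
        self.state = set()   # tracked connections, keyed initiator -> responder

    def _rule_match(self, p):
        return any(s in ("any", p.src) and d in ("any", p.dst) and dp in ("any", p.dport)
                   for s, d, dp in self.rules)

    def inspect(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        # Packets of a tracked connection pass in both directions without a rule lookup.
        if fwd in self.state or rev in self.state:
            return "accept (existing state)"
        # No state entry: only a clean SYN is evaluated against the rule base.
        if p.flags != frozenset({"SYN"}):
            return "drop (out of state: first packet isn't SYN)"
        if self._rule_match(p):
            self.state.add(fwd)
            return "accept (rule match, state created)"
        return "drop (no matching rule)"

    def expire(self, client, cport, server, sport):
        """Simulate the state entry being lost, for example by an idle timeout."""
        self.state.discard((client, cport, server, sport))

def demo():
    C, S = "198.51.100.7", "203.0.113.10"   # constructed documentation addresses
    # Inbound rule (any -> server:443) plus the proposed reverse rule (server -> any).
    fw = StatefulFirewall([("any", S, 443), (S, "any", "any")])
    out = [fw.inspect(Packet(C, 50000, S, 443, frozenset({"SYN"}))),
           fw.inspect(Packet(S, 443, C, 50000, frozenset({"SYN", "ACK"})))]
    fw.expire(C, 50000, S, 443)
    # The server keeps sending on the old session; the reverse rule does not help.
    out.append(fw.inspect(Packet(S, 443, C, 50000, frozenset({"PSH", "ACK"}))))
    return out

if __name__ == "__main__":
    for line in demo():
        print(line)
```

In this model the only way back is a new SYN from the client, which matches the inbound rule and creates a fresh state entry.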
