- Products
- Learn
- Local User Groups
- Partners
- More
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hello Checkmates,
I have a question regarding the behavior of my internal firewall. Please see image below as reference:
Currently, anything below INTFW has internet access, but for some reason, INTFW doesn't. I have confirmed this when I checked my URL and App Control updates, and it shows a failed attempt. Logs show allowed via implied rule as seen in the screenshot below:
Running fwctl zdebug + drop | grep [INTFW IP] on EXTFW1 (current active cluster member) doesn't show any drops, so it confirmed that the allowed log entries are correct. It shouldn't be about the routes as my internal network is working as it should be, it's only INTFW that doesn't have internet.
I would like insight to this as it would allow me to then update my internal firewall to the latest JHF and would probably fix a lot of issues that I'm experience.
Thanks!
Here's an example of a log egress to 8.8.8.8 from the INTFW
I see no translation entries, but we do have a NAT policy, the group INTERNAL should have the 192.168.4.X IP address configured on the internal firewall.
| User | Count |
|---|---|
| 64 | |
| 19 | |
| 13 | |
| 12 | |
| 11 | |
| 9 | |
| 8 | |
| 7 | |
| 7 | |
| 7 |
Tue 28 Apr 2026 @ 06:00 PM (IDT)
Under the Hood: Securing your GenAI-enabled Web Applications with Check Point WAFThu 30 Apr 2026 @ 03:00 PM (PDT)
Hillsboro, OR: Securing The AI Transformation and Exposure ManagementTue 28 Apr 2026 @ 06:00 PM (IDT)
Under the Hood: Securing your GenAI-enabled Web Applications with Check Point WAFTue 12 May 2026 @ 10:00 AM (CEST)
The Cloud Architects Series: Check Point Cloud Firewall delivered as a serviceThu 30 Apr 2026 @ 03:00 PM (PDT)
Hillsboro, OR: Securing The AI Transformation and Exposure Management
