Hello all,
I am trying to configure load balancing with my Checkpoint firewalls - two 5200 series firewalls configured in High Availability mode. I have followed to the letter the instructions in https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_NextGenSecurityGateway_Guide...
I have two HTTPS servers on addresses 192.168.103.91 and 192.168.103.92; I created a virtual IP of 192.168.102.20 (different subnet) for them. I also added the VIP to the ARP proxy on both appliances.
When I try to ping 192.168.102.20 (the VIP) from a workstation, the ping is successful; however, the reply comes from the actual server address, not from the VIP.
And when I try to access the VIP using HTTPS, it simply does not work. I sniffed the packets and I can see an HTTP response from the actual server address (not from the VIP), which is not accepted by the target machine since it is not expecting the response from that address.
In my mind, the response should be coming from the VIP, and everything should be NATed back and forth to the server addresses (as opposed to a simple redirection).
What am I doing wrong? Please advise, thanks!
Pablo
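
An added example, not part of the original post: a small check over packet records taken on the workstation that flags replies to VIP-bound requests arriving with a real server's source address, which is the symptom described above. The workstation address and the packet records are constructed for illustration; only the VIP and server addresses come from the post.

```python
from collections import namedtuple

# One record per packet seen on the workstation: (proto, src, sport, dst, dport).
# ICMP records use port 0 on both sides.
Pkt = namedtuple("Pkt", "proto src sport dst dport")

VIP = "192.168.102.20"                              # from the post
REAL_SERVERS = {"192.168.103.91", "192.168.103.92"}  # from the post
CLIENT = "192.168.101.50"                            # hypothetical workstation

# Constructed sample capture, not data from the original poster.
SAMPLE = [
    Pkt("icmp", CLIENT, 0, VIP, 0),
    Pkt("icmp", "192.168.103.91", 0, CLIENT, 0),       # ping answered by real server
    Pkt("tcp", CLIENT, 51514, VIP, 443),
    Pkt("tcp", "192.168.103.92", 443, CLIENT, 51514),  # HTTPS reply, source not translated
    Pkt("tcp", CLIENT, 51520, VIP, 443),
    Pkt("tcp", VIP, 443, CLIENT, 51520),               # reply translated back to the VIP
]


def find_untranslated_replies(packets, vip, real_servers):
    """Return replies that answer a request sent to the VIP but carry a real
    server's source address, i.e. only the destination was translated."""
    pending = set()  # (proto, client, client_port, service_port) awaiting a reply
    findings = []
    for p in packets:
        if p.dst == vip:
            pending.add((p.proto, p.src, p.sport, p.dport))
            continue
        # A reply mirrors the request: its dst/dport are the client's src/sport.
        key = (p.proto, p.dst, p.dport, p.sport)
        if key in pending and p.src in real_servers:
            findings.append(p)
    return findings


if __name__ == "__main__":
    for pkt in find_untranslated_replies(SAMPLE, VIP, REAL_SERVERS):
        print(f"{pkt.proto} reply to {pkt.dst}:{pkt.dport} came from "
              f"{pkt.src}, expected {VIP}")
```

A client's TCP stack drops the flagged TCP replies because they match no socket, so every flagged record points at a return path that bypasses the address translation.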