This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Brander
Explorer
‎2019-09-04 06:21 AM

NEW-RADIUS traffic drop

Dear all,

First of all - I am no checkpoint guru so there could be something elementary that I've missed. But, I'm configuring EAP-TLS communication between my WLC (Cisco) & RADIUS (NPS in DMZ). Please note the object is referencing the DMZ IP-address. I've created a rule for NEW-RADIUS traffic between the two objects to accept traffic, but I can still see drops. 

1. From the Smartconsole in the 'Logs & Monitor' section I notice that the drop is missing a reference to a specific rule. 

2. When I enabled ICMP echo-request the behaviour was the same, dropped traffic without a reference to a access rule. 

 

If you have any tips, suggestions or if you need additional information - please let me know 🙂

I'll await your kind reply,

TB

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2019-09-04 10:55 AM

Double-clicking the relevant log entry and looking at further details may explain why it's being dropped.
0 Kudos
Brander
Explorer
‎2019-09-06 12:18 AM
In response to PhoneBoy

Dear PhoneBoy,
Is there something special I should keep an eye out for? 

I guess something weird is the 'Message information': Address spoofing.

 

The source and destination is two different subnets, without a specific route enabled. Is this a requirement? 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2019-09-06 08:41 AM
In response to Brander

It should also be logged against Rule 0, which is an implied rule.
Anti-spoofing is exactly why the traffic is being dropped, and you need to fix that.
This may mean adding routes, changing the gateway object configuration, or both.
https://community.checkpoint.com/t5/General-Topics/A-Primer-on-Anti-Spoofing/m-p/23042
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫