NEW-RADIUS traffic drop

Brander · ‎2019-09-04

Dear all,

First of all - I am no checkpoint guru so there could be something elementary that I've missed. But, I'm configuring EAP-TLS communication between my WLC (Cisco) & RADIUS (NPS in DMZ). Please note the object is referencing the DMZ IP-address. I've created a rule for NEW-RADIUS traffic between the two objects to accept traffic, but I can still see drops.

1. From the Smartconsole in the 'Logs & Monitor' section I notice that the drop is missing a reference to a specific rule.

2. When I enabled ICMP echo-request the behaviour was the same, dropped traffic without a reference to a access rule.

If you have any tips, suggestions or if you need additional information - please let me know 🙂

I'll await your kind reply,

TB

PhoneBoy · ‎2019-09-04

Double-clicking the relevant log entry and looking at further details may explain why it's being dropped.

Brander · ‎2019-09-06

Dear PhoneBoy,
Is there something special I should keep an eye out for?

I guess something weird is the 'Message information': Address spoofing.

The source and destination is two different subnets, without a specific route enabled. Is this a requirement?

PhoneBoy · ‎2019-09-06

It should also be logged against Rule 0, which is an implied rule.
Anti-spoofing is exactly why the traffic is being dropped, and you need to fix that.
This may mean adding routes, changing the gateway object configuration, or both.
https://community.checkpoint.com/t5/General-Topics/A-Primer-on-Anti-Spoofing/m-p/23042