This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RPawar
Contributor
‎2023-05-03 09:42 PM

Not able to reach the web UI of second gateway of different network.

Hello,

 

I have set up a LAB environment on VMWARE and in my lab setup i am not able to reach the web UI of my second gateway for running initial wizard for further configuration and SIC integration with the manager.

My Manager, Client Machine (windows VM) and first Gateway all are in same network 192.68.0.1/24, however  interface eth2 of GW-1 has 67.83.0.111/24 and my GW-2 management interface eth0 has 67.83.0.114/24 so both my GW-1 eth2 and GW-2 eth0 are in same network but still after multiple attempts i am not able to reach my web UI of GW-2.

I have allowed all the required traffic on  my GW1-1.

I am getting destination host unreachable error on client machine and on GW-1 cli kindly help.

 

 

0 Kudos
9 Replies
PhoneBoy
Admin
Admin
‎2023-05-04 12:09 PM

What version was installed?
What do you see in the logs when you try to access GW-2?
Have you done any troubleshooting on the gateway itself (e.g. tcpdump) to see if the traffic is even reaching the gateway?

0 Kudos
RPawar
Contributor
‎2023-05-04 08:44 PM
In response to PhoneBoy

The version installed on all the devices is R81.10

in the logs I can see that the traffic is showing accepted for the http connection that I initiate from my client machine, however i am not able to get any icmp logs which I initiate from client machine as well as from the Gateway-1 towards Gateway-2

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-05-04 04:37 PM

Is GW-1 performing NAT?

What routes does GW-2 have?

CCSM R77/R80/ELITE
0 Kudos
RPawar
Contributor
‎2023-05-04 08:41 PM
In response to Chris_Atkinson

Gateway -2 has a default route to route traffic towards network 67.83.0.0/24 via interface eth0 on which the IP configured is 67.83.0.114/24. also gateway -2 has no NAT on it.

Gateway -1 has a route for same destination via interface eth2 which has the IP configured as 67.83.0.111/24

Gateway -1 also has a default route which routes the traffic via 192.168.0.1/24 which is gateway of the management network configured in my topology.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-05-05 03:21 PM
In response to RPawar

The routing tables should match on both cluster members.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-05-04 04:42 PM

I can tell you that 9 times out of 10, when you see the message destination host unreachable, it means proper route is missing.

Andy

Best,
Andy
0 Kudos
RPawar
Contributor
‎2023-05-04 08:45 PM
In response to the_rock

Can you suggest what should be the proper routes in this topology scenario?

0 Kudos
Blason_R
MVP Gold
MVP Gold
‎2023-05-04 08:57 PM
In response to RPawar

Are those part of cluster or two gateways where traffic is passing through for another gateway through first?

I am still not getting your scenario? what is your source and destination IP then>?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-05-05 05:27 PM
In response to RPawar

As phoneboy said, routing has to match on both members for this to work right.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events