Hi,
Below is the scenario:
Check Point (3 subnets) ------> Symantec decryptor (2 subnets reach, 3rd subnet doesn't reach).
The above devices are connected back to back. Initially there was one /27 subnet routed between these two devices; after IP exhaustion, one more /27 was added.
Traffic reaches the Symantec decryptor device from Check Point; now the second subnet is also exhausted.
Now we are planning a 3rd subnet on the Symantec side.
We can see the packets leaving the Check Point exit interface through fw monitor, but there are no received packets in the packet capture of the SSL decryptor.
Is there an alternate option to check packets leaving Check Point other than fw monitor or tcpdump?
Thanks,
BSB
Hello,
One other tool for packet captures is CPPCAP as described in sk141412. In addition, you can correlate the captured output with that of the logs.
Can I confirm we are dealing with an IPSec site-to-site VPN here? If not, please elaborate on the topology in question.
Thanks.
Seeing the packet hit capture point O in fw monitor just means it is leaving the Check Point code heading for the egress interface in Gaia. Use tcpdump with the -e option to see the destination MAC address of the problematic traffic and verify that the packet is actually leaving. If you don't see it leaving, run fw ctl zdebug drop to see why; my guess would be outbound antispoofing enforcement, or you've got some kind of problem with inconsistently applied subnet masks for the new subnet.
If it is the same destination MAC as for subnet traffic that is working, it is not a firewall problem. If the destination MAC is wrong that would explain why it is not showing up at the next hop as the switch will not forward it to that port.
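One way to carry out the comparison suggested above (destination MACs for the working /27 versus the new /27) on saved `tcpdump -e -nn` output from the Gaia shell. This is an added example, not part of the thread; the capture lines, MACs, subnets and the interface name are constructed placeholders.

```shell
#!/bin/sh
# Added example: compare the destination MACs tcpdump -e -nn shows for a working /27
# against those for the new /27. All capture lines, MACs and subnets below are constructed.

CAPTURE='12:00:00.000001 00:1c:7f:00:00:01 > 00:50:56:aa:bb:01, ethertype IPv4 (0x0800), length 98: 10.1.1.5 > 192.168.10.7: ICMP echo request, id 1, seq 1, length 64
12:00:00.000002 00:1c:7f:00:00:01 > 00:50:56:aa:bb:01, ethertype IPv4 (0x0800), length 74: 10.1.1.6.51000 > 192.168.10.20.443: Flags [S], seq 1, win 64240, length 0
12:00:00.000003 00:1c:7f:00:00:01 > 00:50:56:aa:bb:02, ethertype IPv4 (0x0800), length 98: 10.1.1.5 > 192.168.10.70: ICMP echo request, id 2, seq 1, length 64
12:00:00.000004 00:1c:7f:00:00:01 > 00:50:56:aa:bb:02, ethertype IPv4 (0x0800), length 74: 10.1.1.6.51001 > 192.168.10.90.443: Flags [S], seq 1, win 64240, length 0'

# Read tcpdump -e -nn lines on stdin; print the distinct destination MACs of frames
# whose IP destination lies inside the CIDR given as $1 (e.g. 192.168.10.64/27).
dst_macs_for() {
  awk -v cidr="$1" '
    function ip2n(s,  o) { split(s, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    # Portable awk has no bitwise AND: compare the network bits by integer division instead.
    BEGIN { split(cidr, c, "/"); div = 2^(32 - c[2]); net = int(ip2n(c[1]) / div) }
    # Field layout: ts src_mac > dst_mac, ethertype IPv4 (0x0800), length N: src_ip > dst_ip[.port]: ...
    $3 == ">" && $6 == "IPv4" {
      mac = $4; sub(/,$/, "", mac)
      split($12, o, ".")                         # dst may carry a trailing ".port:"
      ip = o[1] "." o[2] "." o[3] "." o[4]; sub(/:$/, "", ip)
      if (int(ip2n(ip) / div) == net) print mac
    }' | sort -u
}

# Print MATCH when the working subnet ($1) and the new subnet ($2) are sent to the same
# next-hop MAC(s); otherwise MISMATCH, meaning the new subnet's frames are addressed to a
# different next hop than the working subnet's, which the switch will forward elsewhere.
compare_next_hop() {
  working=$(printf '%s\n' "$CAPTURE" | dst_macs_for "$1")
  new=$(printf '%s\n' "$CAPTURE" | dst_macs_for "$2")
  if [ "$working" = "$new" ]; then echo MATCH; else echo MISMATCH; fi
}

compare_next_hop 192.168.10.0/27 192.168.10.64/27
# Against a live gateway (interface name eth1 is an assumption):
#   tcpdump -e -nn -i eth1 -c 100 net 192.168.10.64/27 | dst_macs_for 192.168.10.64/27
```

A MISMATCH here is what the reply describes as the wrong destination MAC case; a MATCH with no packets arriving at the decryptor points away from the firewall.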