Port re-use issue on R80.20

Muazzam · ‎2021-08-30

Hardware: 13800 or 23500
OS: GAIA R80.20 T103 or T161
Blades: Only FW

Overall utilization of the firewall is low, throughput around 100-200 Mbps, cores mostly in single digits.
Interface drops: Some drops but less than 0.001%

We have similar issues on multiple firewalls but not able to find any clear SK on our issue.
What we found is that firewall use the same NAT source port before a previous connection has completely expires and this cause a drop on the vendor side among other symptoms we have seen.

There are other factors that we are considering as the traffic goes from end-user to proxy to load balancer, multiple NAT's involved, finally traffic goes to out to the external vendor.

Just wondering if anyone has seen the port NAT source port re-use issue?
I heard that R80.40 works in a different way for allocating the NAT ports?

the_rock · ‎2021-08-30

I have a feeling below might be your solution...but if not, you may wish to contact TAC possibly and confirm.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Best,
Andy

Muazzam · ‎2021-08-30

The SK looks related to this issue.

Are you a member of CheckMates?

Port re-use issue on R80.20