This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
FWNinja
Contributor
‎2020-11-23 02:28 PM

Private traffic match Internet Object

Hi guys,

specific traffic with a private ip as destination, is matching a rule with the "Internet" object in destination field. This traffic don't pass trough External/DMZ interfaces.

Do you have any ideas?

Thanks and best regards

Francesco

0 Kudos
11 Replies
PhoneBoy
Admin
Admin
‎2020-11-23 02:37 PM

Version/JHF level?
What is the precise rule (screenshot helpful)?
What interfaces does the traffic pass through and how is the topology defined on the relevant interfaces?

0 Kudos
FWNinja
Contributor
‎2020-11-24 12:39 AM
In response to PhoneBoy

R80.30 take_219 installed.

I attached screenshots.

The traffic pass through "Internal" interfaces ("This Network" in the topology).

Thanks and Best Regards

Francesco

 

Preview file
49 KB
Preview file
17 KB
Preview file
9 KB
0 Kudos
_Val_
Admin
Admin
‎2020-11-24 12:53 AM
In response to PhoneBoy

Quoting from sk64543:

"Internet" means "include all traffic directed to External or DMZ according to gateway topology".

Internet object, unlike many people expect, do not represent all routable Internet addresses. Instead, it is a sum if all networks that GW does not have defined as internal.

Check your internal networks in question are defined in GW topology. If this is not the case, system is working as designed.

 

FWNinja
Contributor
‎2020-11-24 12:59 AM
In response to _Val_

Hi,

Traffic is passing through interfaces defined as "This network" or internal.

So, this traffic should not match policies configured with Internet object in destination field.

Thanks

Francesco

0 Kudos
_Val_
Admin
Admin
‎2020-11-24 01:02 AM
In response to FWNinja

We cannot establish that, since you did not post your GW topology. If you are 100% positive that is the case, raise a TAC support request.

0 Kudos
FWNinja
Contributor
‎2020-11-24 02:34 AM
In response to _Val_

I attached screenshots.

Thanks

Francesco

Preview file
59 KB
Preview file
85 KB
0 Kudos
_Val_
Admin
Admin
‎2020-11-24 02:59 AM
In response to FWNinja

Already said above, open a service request.

0 Kudos
HristoGrigorov
MVP Gold
MVP Gold
‎2020-11-23 08:40 PM

Yeah, give us some more info. For example if it is a private IP but in a peer VPN domain it will be considered external (Internet).

0 Kudos
FWNinja
Contributor
‎2020-11-24 12:40 AM
In response to HristoGrigorov

It's not a VPN traffic.

I attached screenshots in the previous reply.

Thanks and Best Regards

Francesco

0 Kudos
Ilya_Yusupov
Employee
Employee
‎2020-11-24 05:30 AM
In response to FWNinja

Hi @FWNinja ,

 

according to log detail screen shot you matched on Rule 140 but you put screen shot of rule 142.

can you share rule 140?

 

Thanks,

Ilya 

0 Kudos
FWNinja
Contributor
‎2020-11-24 05:37 AM
In response to Ilya_Yusupov

Hi,

the rule is the same. The customer added 2 rules before and the rule 140 become 142.

Thanks

Francesco

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events