COE_JW
Explorer

Return traffic from an internal server is directed to public NAT WAN ip

I have a growing number of situations where I am running into this issue where an internal machine is able to reach out, but the returning traffic's destination is showing as dropped at my external IP.

I have attached an image of the allowed traffic out, and the drop on my public.

I am curious if the issue may be related to sk114395
Automatic creation of Proxy ARP for Manual NAT rules on Security Gateway
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

In my other instances where I see similar issues, users are attempting to authenticate to a web tool outside of our org, and the user's browser is redirected back to our public IP as well.
I worked with TAC in the past regarding this issue but did not make any progress.
Working with a consultant on upgrading our blades from 80.30 to 81.10 took a moment, and we did see a little improvement adding an entry to the proxy ARP on the blade. But the issue continues.

Any thoughts or suggestions regarding this would be much appreciated.
This hat was handed to me due to the primary leaving the org; please bear with my experience.

- J

0 Kudos
4 Replies
_Val_
Admin

What is the drop reason? I cannot find it in the log.

0 Kudos
Chris_Atkinson
Employee

Does all the correct routing back to the source exist?

With your NAT policy are there differences between a source network that works vs one that doesn't?

CCSM R77/R80/ELITE
0 Kudos
Vladimir
Champion

@COE_JW, please advise if:

1. you are using automatic or manual NAT for the source object.

2. there are other source objects present with duplicate IPs.

Additionally, in your screenshot, the packet being dropped is RST-ACK. If the session has already timed out (on Check Point), this will be the expected behavior.

Bryan-Smith
Employee

@COE_JW I'm with @Vladimir. It appears as though the connection has timed out. Is it just the Azure App Service Migration tool that is having this issue?

0 Kudos
