This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
Advisor
‎2023-09-20 05:04 PM

Unstable traffic by NAT.

Hello,

I have a strange case.

I have an access rule, created to consume a domain.
The rule is working by FQDN (domain object).

The traffic is intermittent, for port 444 (Sometimes the rule works, and sometimes not).

When the rule does not work, it is because in the logs, you can see that the traffic at that time, does not NAT, and therefore can not reach the Internet.

The rule has that sense:

SRC: 192.168.70.0/0, 192.168.170.0/24, 192.168.130.0/24
DST: Domain Object -> ".sunat.gob.pe"
Services: 80, 8080, 444
Action: Accepted

The traffic for the other services like 80, and 8080, work fine, but the "instability" is when they want to consume that destination through port 444.

Sometimes it works, and sometimes it does not.

Any idea how to solve this intermittence?

I share 1 file, which contains the moment, when the rule works correctly, and the moment when the rule does not work.

Thanks for your comments.

Preview file
3 KB
Preview file
18 KB
0 Kudos
6 Replies
the_rock
Legend
Legend
‎2023-09-20 05:16 PM

Make sure all options for NAT in global properties are checked.

Andy

0 Kudos
Matlu
Advisor
‎2023-09-20 05:25 PM
In response to the_rock

Hello,

Do you mean this option?

RV2.png

Cheers . 🙂

0 Kudos
the_rock
Legend
Legend
‎2023-09-20 05:26 PM
In response to Matlu

si senor 🙂

0 Kudos
Matlu
Advisor
‎2023-09-20 05:38 PM
In response to the_rock

The "Global Properties" of the SmartConsole, is as the image you shared.

What makes me doubt is why the traffic at a certain moment stops doing NAT (this is why the traffic starts to match with the Cleanup Rule).

This happens at times.

It is very strange.

0 Kudos
the_rock
Legend
Legend
‎2023-09-20 05:42 PM
In response to Matlu

Few times I helped people with this sort of issue, we solved it by clearing nat table. I know its intrusive and has to be done off hours, but seemed to do the trick

Andy

https://support.checkpoint.com/results/sk/sk32224

0 Kudos
PhoneBoy
Admin
Admin
‎2023-09-21 08:37 AM

TAC is probably going to be necessary to get to the bottom of this.
Not sure why the port would matter here.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events