thevvk
Explorer

VPN/SSH connection disconnected during data transfer

Hi,

 

We are using Global VPN to connect with one of our clients to access their servers, but when we try to transfer data through the WinSCP application, the SSH and Global VPN connections get disconnected. As we checked, there is no restriction from the client side.

The same data transfer works with mobile hotspot tethering, but we have a problem when we use our company network.

In our company, we are using a Check Point firewall (5400) and we have enabled communication to the client public IP in our Check Point access rule.

 

0 Kudos
11 Replies
PhoneBoy
Admin

What version/JHF is the gateway running?
What precise troubleshooting steps have you taken so far with the results of said steps?
What do the logs on the gateway say when you attempt this communication?
Have you done any tcpdumps to verify the traffic is entering and leaving the gateway?
0 Kudos
thevvk
Explorer

Hi,

We are using a Check Point 5400 firewall in our network.

When connecting to the GlobalProtect client VPN, we can successfully establish a session/connection. We can connect to the server and access our server resources, available at the client side.
We have verified with the client that all restrictions on the firewall have been removed for the VPN IP (whatever IP the VPN client gets after connecting to the VPN).


Issue: After connecting to the VPN, when we initiate a WinSCP connection to the same server and try to transfer any file, the VPN and server connections get disconnected in the company's private network. The same was tested on a different network (mobile hotspot using USB tethering) and we did not face any issues.

Tried the steps below:
1. Allowed communication to the client public IP
2. Allowed communication through a separate public IP
3. Checked the Global VPN client's logs; attaching logs.
4. Checked the Check Point firewall logs; HTTPS (443) and UDP (4501) traffic is passing from the internal LAN to the public IP.

 

0 Kudos
PhoneBoy
Admin

I'm not understanding what your environment looks like, which makes it very difficult to suggest where to begin troubleshooting.
You're mentioning the Global Protect VPN client, which I believe is a product by Palo Alto Networks.

Please provide a network diagram of the environment in question and list software versions/JHF levels of all gateways involved including client VPN software.
You might also engage with the TAC.
0 Kudos
thevvk
Explorer

Hi,

 

We are using GlobalProtect VPN to connect to client servers which are behind the client's Palo Alto firewall; we are able to connect to the VPN and the servers are also accessible.

The problem is that when we try to transfer data through WinSCP from our private network, the GlobalProtect VPN gets disconnected, but we are able to do the same data transfer with the VPN connected through a mobile hotspot (other networks).

We are using Check Point in our private network with Gaia version 80.10.

Let me know if you need more info.

 

 

0 Kudos
PhoneBoy
Admin

R80.10 at what JHF level?

Have you done any packet captures on your gateway (ingress and egress) to see what the traffic looks like as it traverses the gateway?
It may or may not be related to the Check Point gateway at all.
Also, it might be worth engaging with PAN's support on this to see what is causing the Global Protect client to disconnect.
0 Kudos
thevvk
Explorer

Hi,

I checked the logs on our gateway; traffic on ports 443 and 4501 is passing.

Yes, it might not be related to the Check Point gateway, but we are facing this issue only with our network; with other networks, it is working fine.

As we checked with the Palo Alto team (client), there is no restriction for the VPN IP.

 

0 Kudos
Jerry
Mentor

MTU mismatch somewhere?
Jerry
0 Kudos
PhoneBoy
Admin

Right, which is why I'm suggesting packet captures with tcpdump, fw monitor, or some other mechanism.
If it's an MTU issue like Jerry says, packet captures will bear that out.
0 Kudos
thevvk
Explorer

Hi,

I have captured the packets; only 443 and 4501 traffic is showing there.

 

 

0 Kudos
Jerry
Mentor

It doesn't really matter what TCP or UDP port traffic you capture; just show us something, or analyze yourself what's wrong with the flow 🙂

Little hint:

https://forums.clavister.com/viewtopic.php?t=11915
Jerry
0 Kudos
PhoneBoy
Admin

Precisely how did you capture the traffic?
Did you do packet captures on both the ingress and egress of the gateway?
Did you compare them to see that they're the same?
If they're the same, the problem may be upstream of your gateway.
0 Kudos
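
The ingress/egress comparison and the MTU check discussed in the replies above, as an added example that is not part of the original thread: it parses `tcpdump -n` text output from both sides of a gateway and reports which packet sizes entered but never left, plus any ICMP fragmentation-needed MTU values. The addresses and capture lines are constructed, and matching packets by destination and length (ignoring the source, which NAT may rewrite) is an assumption.

```python
import re
from collections import Counter

# Matches `tcpdump -n` lines such as:
#   12:00:01.100000 IP 10.0.0.5.51000 > 203.0.113.10.4501: UDP, length 1400
PKT = re.compile(r"IP (\S+) > (\S+): .*\blength (\d+)")
FRAG = re.compile(r"need to frag \(mtu (\d+)\)")  # ICMP fragmentation-needed

def parse(lines):
    """Return (Counter keyed by (dst, length), MTUs from ICMP frag-needed)."""
    pkts, mtus = Counter(), []
    for line in lines:
        frag = FRAG.search(line)
        if frag:
            mtus.append(int(frag.group(1)))
            continue
        m = PKT.search(line)
        if m:
            # Source is ignored: NAT on the gateway may rewrite it (assumption).
            pkts[(m.group(2), int(m.group(3)))] += 1
    return pkts, mtus

def compare(ingress, egress):
    """Summarise what entered the gateway but never left it."""
    in_pkts, in_mtus = parse(ingress)
    out_pkts, out_mtus = parse(egress)
    missing = in_pkts - out_pkts  # multiset difference
    return {
        "missing": dict(missing),
        "smallest_lost": min((n for _, n in missing), default=None),
        "largest_passed": max((n for _, n in out_pkts), default=None),
        "frag_needed_mtus": sorted(set(in_mtus + out_mtus)),
    }

# Constructed sample captures (documentation addresses, not from the thread).
INGRESS = [
    "12:00:01.100000 IP 10.0.0.5.51000 > 203.0.113.10.4501: UDP, length 120",
    "12:00:01.200000 IP 10.0.0.5.51001 > 203.0.113.10.443: Flags [P.], seq 1:518, ack 1, win 502, length 517",
    "12:00:02.100000 IP 10.0.0.5.51000 > 203.0.113.10.4501: UDP, length 1400",
    "12:00:02.300000 IP 10.0.0.5.51000 > 203.0.113.10.4501: UDP, length 1400",
]
EGRESS = [
    "12:00:01.100000 IP 198.51.100.2.51000 > 203.0.113.10.4501: UDP, length 120",
    "12:00:01.200000 IP 198.51.100.2.51001 > 203.0.113.10.443: Flags [P.], seq 1:518, ack 1, win 502, length 517",
]
ICMP = "12:00:02.150000 IP 198.51.100.1 > 198.51.100.2: ICMP 203.0.113.10 unreachable - need to frag (mtu 1380), length 556"

if __name__ == "__main__":
    print(compare(INGRESS, EGRESS))            # large packets lost at the gateway
    print(compare(INGRESS, INGRESS + [ICMP]))  # captures match; upstream reports MTU 1380
```

An empty `missing` with a non-empty `frag_needed_mtus` points upstream of the gateway; a `smallest_lost` above `largest_passed` points to a size-dependent drop on the gateway itself.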