Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
dumbhead123
Contributor

Weird VPN TU/Smart view monitor behavior during policy installation

Hey Everyone,

 

I have been working with a customer running R80.40. While it's weird, I haven't had any specific explanation to the behavior.

The gateway is catering to several site to site VPNs which are up and running and we can verify the same via vpn tu or smartview monitor (tunnels per gateway/community).

Whenever we install policy, these entries just vanishes. VPN TU doesn't show a single entry though there are 6 to 7 tunnels. Smartview with "tunnels on gateway" shows "no data". Interestingly traffic through the VPN tunnel continues to work without any issues, VPN peers based on tcpdump/fwmonitor concludes that they continue to communicate with each other.

Sometimes the IKE SA entries come back automatically, sometimes only when the tunnel go through a manual or auto reset. (attached screenshots from the test bed)

 

In order confirm the behavior, I created a test bed with R80.10, R80.40 and R81.

R80.10 - Did not see this happening throughout the policy installation. IKE entries are always seen

R80.40 and R81 - IKE entries from VPN and Smartview monitor vanishes

Installed the latest R80.40 hotfix which did not make any difference, though I did not really find anything relevant in the hotfix notes.

 

Has anyone seen this or is this expected to happen, because this can deem risky if we are troubleshooting a VPN problem and we are to install such a policy!!

0 Kudos
2 Replies
KennyManrique
Advisor

Hi, 

Same behavior here on R80.40 T118, for me its broken at least since T91 (as far I can remember) , because it worked ok at first.

The following SK was the most related to the issue I was able to get: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
PhoneBoy
Admin
Admin

The SK pointed to by @KennyManrique suggests this is a bug and you should request a portfix from TAC.

0 Kudos