This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
dumbhead123
Contributor
‎2021-06-18 09:32 AM

Weird VPN TU/Smart view monitor behavior during policy installation

Hey Everyone,

 

I have been working with a customer running R80.40. While it's weird, I haven't had any specific explanation to the behavior.

The gateway is catering to several site to site VPNs which are up and running and we can verify the same via vpn tu or smartview monitor (tunnels per gateway/community).

Whenever we install policy, these entries just vanishes. VPN TU doesn't show a single entry though there are 6 to 7 tunnels. Smartview with "tunnels on gateway" shows "no data". Interestingly traffic through the VPN tunnel continues to work without any issues, VPN peers based on tcpdump/fwmonitor concludes that they continue to communicate with each other.

Sometimes the IKE SA entries come back automatically, sometimes only when the tunnel go through a manual or auto reset. (attached screenshots from the test bed)

 

In order confirm the behavior, I created a test bed with R80.10, R80.40 and R81.

R80.10 - Did not see this happening throughout the policy installation. IKE entries are always seen

R80.40 and R81 - IKE entries from VPN and Smartview monitor vanishes

Installed the latest R80.40 hotfix which did not make any difference, though I did not really find anything relevant in the hotfix notes.

 

Has anyone seen this or is this expected to happen, because this can deem risky if we are troubleshooting a VPN problem and we are to install such a policy!!

VPN after policy.png
Preview file
14 KB
VPN before policy.png
Preview file
19 KB
0 Kudos
2 Replies
KennyManrique
Advisor
‎2021-06-20 12:57 PM

Hi, 

Same behavior here on R80.40 T118, for me its broken at least since T91 (as far I can remember) , because it worked ok at first.

The following SK was the most related to the issue I was able to get: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-06-20 05:35 PM

The SK pointed to by @KennyManrique suggests this is a bug and you should request a portfix from TAC.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top