I know this thread is nearly 5 years old, but I don't see a solution, and we hit exactly the same issue.
R81.10 machines running on ESXi VM hosts, secondary can't ping the gateway unless the policy is unloaded. Gateway management traffic works fine, probably because it doesn't pass through the policy.
The standby box actually tries to pass external traffic through the active box using the sync connection, which is designed behaviour I believe.
My colleague found a setting on the vSwitch in ESX that seems to be causing the problem. Under policies, there is a setting for 'Forged transmits'. The default is Reject. Setting it to Accept on the VLAN the Sync traffic uses seems to be working now.
The Check Point uses some kind of virtual MAC for that traffic that the vSwitch doesn't like, so it drops it apparently.