Transform Your Data Center Management:
The Power of Check Point's MFaaS
Mastering Endpoint Security -
Best Practices for 2024
Customer Threat Prevention
& Vulnerability Management Survey
CheckMates Toolbox Contest 2024
Make Your Submission for a Chance to WIN up to $300 Gift Card!
CheckMates Go:
Harmony SASE
I know this thread is nearly 5 years old, but I don't see a solution, and we hit exactly the same issue
R81.10 machines running on ESXi VM hosts, secondary can't ping the gateway unless the policy is unloaded. Gateway management traffic works fine, probably because it doesn't pass through the policy.
The standby box actually tries to pass external traffic through the active box using the sync connection, which is designed behaviour I believe.
My colleague found a setting on the vSwitch in ESX that seems to be cauing the problem. Under policies, there is a setting for 'Forged transmits'. The default is Reject. Setting it to Accept on the VLAN the Sync traffic uses seems to be working now
The checkpoint uses some kind of virtual MAC for that traffic that the vSwitch doesn't like, so it drops it apparently
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
