Grave_Rose
Collaborator

[Apparently this was deleted or I missed posting it so here I go again.]

I think I misunderstood your initial request. I thought you wanted to manage the P81 device across the VPN and were having issues with that but it seems that you just want to connect a GUI client to your management station from the P81 encryption domain. Is that correct? If so, here's what you need to do from a packet flow situation.

First, for the 'fw monitor' set the source as your client IP address (192.168.192.100) and the destination as your management station (10.20.30.40) and run that on your R80.40 gateway. When that's running, attempt to connect your GUI client. You should see something like this:

(E) 192.168.192.100.12345 -> 10.20.30.40.18191
(o) 192.168.192.100.12345 -> 10.20.30.40.18191
(O) 192.168.192.100.12345 -> 10.20.30.40.18191

The big "O" indicates that the packet has left the Check Point kernel and is now destined for the wire. You can verify this with tcpdump but you likely don't need to.

Next, run a PCap on your management station. If it's Windows, use Wireshark. Fun fact: Wireshark uses BPF when capturing packets so you can use tcpdump syntax to filter. If it's GAiA or another *nix, use tcpdump. We're going to assume that you're running GAiA and that the physical interface on your management station is eth0. Run the following command without the quotes: "tcpdump -nn -vvv -e -s 0 -X -c 100 -i eth0 host 192.168.192.100 and host 10.20.30.40" which will capture packets whose source or destination is either of those IP addresses. Here's what you're looking for:

  1. A SYN packet from the client. It will show up as [S] in the packet header. If you see this, that means the client is reaching the management station. If you don't see this, then there is something blocking the traffic between the firewall and the management station - It could be the firewall itself.
  2. A SYN/ACK packet from the management station to the client. It will show up as [S.] in the packet header. If you see this, it means that the management station is accepting the connection. If you don't see this but you do see the SYN packet -or- you see the SYN packet but also see a RST [R] packet, then it means that the management station is not accepting the connection. Run 'cpconfig' and make sure you've added your client IP address as a GUI client.

Hope that helps and sorry for the confusion in my previous post.

Cheers,

Gr@ve_Rose
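As an added example (not part of the original post, and not a Check Point tool), here is a small Python triage script that applies the two checks above to captured output: step 1 confirms from fw monitor that the client's packet reached the post-outbound "O" point, and step 2 applies the post's SYN / SYN-ACK / RST decision table to tcpdump lines. The IP addresses and port 18191 come from the post; the fw monitor lines it parses use the simplified "(X) src.port -> dst.port" form shown in the post (real fw monitor output carries more fields and varies by release), and the tcpdump parser only needs the "src.port > dst.port: Flags [..]" fragment, which with -vvv -e sits on the continuation line. All captures embedded below are constructed for this example.

```python
"""Triage helper for the two checks in the post: did the GUI client's packet
leave the gateway (fw monitor, step 1), and what did the management station
answer on port 18191 (tcpdump, step 2)? Sample captures are constructed."""
import re
from dataclasses import dataclass

CLIENT = "192.168.192.100"  # GUI client address from the post
MGMT = "10.20.30.40"        # management station address from the post
CPMI_PORT = 18191           # destination port seen in the post's fw monitor output

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Simplified fw monitor form as shown in the post: "(O) src.port -> dst.port"
FWMON_RE = re.compile(
    rf"\((?P<point>[a-zA-Z])\)\s+(?P<src>{IP})\.(?P<sport>\d+)\s+->\s+(?P<dst>{IP})\.(?P<dport>\d+)"
)
# tcpdump TCP fragment: "src.port > dst.port: Flags [S.]" (works on -vvv -e continuation lines)
TCPDUMP_RE = re.compile(
    rf"(?P<src>{IP})\.(?P<sport>\d+) > (?P<dst>{IP})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # tcpdump flag letters: S=SYN, .=ACK, R=RST, F=FIN, P=PSH


def gateway_forwarded(fw_monitor_text, client=CLIENT, mgmt=MGMT, port=CPMI_PORT):
    """Step 1: True once a client->mgmt packet is seen at the post-outbound
    inspection point 'O', i.e. it has left the Check Point kernel for the wire."""
    for line in fw_monitor_text.splitlines():
        m = FWMON_RE.search(line)
        if (m and m["point"] == "O" and m["src"] == client
                and m["dst"] == mgmt and int(m["dport"]) == port):
            return True
    return False


def parse_tcpdump(text):
    """Pull the TCP 4-tuple and flag string out of each tcpdump line."""
    packets = []
    for line in text.splitlines():
        m = TCPDUMP_RE.search(line)
        if m:
            packets.append(Packet(m["src"], int(m["sport"]), m["dst"],
                                  int(m["dport"]), m["flags"]))
    return packets


# The post's decision table, keyed by the verdict diagnose() returns.
ADVICE = {
    "no-syn": "No SYN reached the management station: something between the "
              "gateway and the station (possibly the gateway itself) blocks it.",
    "accepted": "SYN/ACK returned: the management station accepts the connection.",
    "refused": "SYN answered with RST: not accepting; run cpconfig and add the "
               "client IP as a GUI client.",
    "no-answer": "SYN seen but no SYN/ACK and no RST: not accepting; run cpconfig "
                 "and add the client IP as a GUI client.",
}


def diagnose(packets, client=CLIENT, mgmt=MGMT, port=CPMI_PORT):
    """Step 2: classify the capture by the flags seen in each direction."""
    to_mgmt = [p for p in packets if p.src == client and p.dst == mgmt and p.dport == port]
    from_mgmt = [p for p in packets if p.src == mgmt and p.dst == client and p.sport == port]
    syn = any("S" in p.flags and "." not in p.flags for p in to_mgmt)    # [S]
    synack = any("S" in p.flags and "." in p.flags for p in from_mgmt)   # [S.]
    rst = any("R" in p.flags for p in from_mgmt)                         # [R] or [R.]
    if not syn:
        return "no-syn"
    if synack:
        return "accepted"
    if rst:
        return "refused"
    return "no-answer"


# Constructed samples (not real captures).
FW_MONITOR_SAMPLE = """\
(E) 192.168.192.100.12345 -> 10.20.30.40.18191
(o) 192.168.192.100.12345 -> 10.20.30.40.18191
(O) 192.168.192.100.12345 -> 10.20.30.40.18191
"""
TCPDUMP_ACCEPTED = """\
12:00:00.000001 IP 192.168.192.100.12345 > 10.20.30.40.18191: Flags [S], seq 100, win 64240, length 0
12:00:00.000120 IP 10.20.30.40.18191 > 192.168.192.100.12345: Flags [S.], seq 900, ack 101, win 65160, length 0
12:00:00.000200 IP 192.168.192.100.12345 > 10.20.30.40.18191: Flags [.], ack 901, win 64240, length 0
"""
TCPDUMP_REFUSED = """\
12:00:00.000001 IP 192.168.192.100.12345 > 10.20.30.40.18191: Flags [S], seq 100, win 64240, length 0
12:00:00.000090 IP 10.20.30.40.18191 > 192.168.192.100.12345: Flags [R.], seq 0, ack 101, win 0, length 0
"""
TCPDUMP_SILENT = """\
12:00:00.000001 IP 192.168.192.100.12345 > 10.20.30.40.18191: Flags [S], seq 100, win 64240, length 0
12:00:01.000001 IP 192.168.192.100.12345 > 10.20.30.40.18191: Flags [S], seq 100, win 64240, length 0
"""

if __name__ == "__main__":
    print("step 1, packet left gateway:", gateway_forwarded(FW_MONITOR_SAMPLE))
    for name, capture in [("accepted", TCPDUMP_ACCEPTED), ("refused", TCPDUMP_REFUSED),
                          ("silent", TCPDUMP_SILENT)]:
        verdict = diagnose(parse_tcpdump(capture))
        print(f"step 2, {name}: {verdict} - {ADVICE[verdict]}")
```

To use it against a real capture, save the tcpdump output from the command in the post to a file and pass its contents to parse_tcpdump; the verdict strings map straight onto the two numbered checks above, with "no-answer" and "refused" both leading to the cpconfig GUI-clients check exactly as the post describes.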
