
Packet is dropped. I do not know the reason.

Question asked by DaeGyu Kyoung on Feb 13, 2019
Latest reply on Feb 17, 2019 by DaeGyu Kyoung

Hi CP engineers!

Test environment

Version: MGMT (R80.20), FW (R80.10), both without JHF

Model: MGMT (Dell Open Server), FW (SG5x00)

I am experiencing a very odd packet drop on a Check Point firewall.

1. I made a rule to pass the packet.

2. I also made a manual NAT rule to translate the packet.

3. When I execute the commands "fw ctl zdebug + drop, fw monitor -e", I see that the packet is dropped.

Below is what I have done. (Rule numbers are examples.)

1. When tested only with Manual NAT, the packet is dropped.

-> Manual NAT Rule 10

2. When I added the Automatic NAT rule and deleted the Manual NAT, the packet was passed.

-> Because of Automatic NAT Rule 20; no Manual NAT exists

3. When I added a Manual NAT that is the same as the Automatic NAT, the packet was passed.

-> Only Manual NAT (NAT Rule 10), Automatic NAT (NAT Rule 20)

Packet is passed because of NAT Rule 10 (Manual NAT)

When I add only the Manual NAT, I think it should work. But if the Automatic NAT does not exist, the Manual NAT does not work and the packet is dropped because of No MATCH rule. I do not know the reason.

I have uploaded the file with the zdebug result and the NAT table.
