This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Cihat_Bulut
Contributor
Contributor
‎2019-03-05 04:53 AM

TCP Port 8082 dropped by implied rule 0

Hi,

In R80.20, when you have a tcp server accessed by tcp port 8082, it is dropped by CP implied rule 0.

TCP 8081,8083 … works, but 8082 not.

The SYN packet cannot be seen after Inbound VM chain. Anybody have an idea?

0 Kudos
11 Replies
Mark_Mitchell
Advisor
‎2019-03-05 04:59 AM

Hi Cihat, 

Are you able to share the Log entry relevant to the drop please?

Regards

Mark

0 Kudos
Cihat_Bulut
Contributor
Contributor
‎2019-03-05 10:50 AM
In response to Mark_Mitchell

Unfortunately, there is no log entry. Only "fw ctl zdebug + drop" output. It is dropped by implied rule 0, nothing else.

0 Kudos
Mark_Mitchell
Advisor
‎2019-03-05 11:05 AM
In response to Cihat_Bulut

Within SmartConsole can you screen shot the service you created for 8082 please? 

Would I be correct in assuming that you are not logging implied rules? 

Regards

Mark

0 Kudos
Cihat_Bulut
Contributor
Contributor
‎2019-03-05 10:16 PM
In response to Mark_Mitchell

It is normal TCP service, nothing else. Add new service and just type 8082.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-03-05 11:22 AM

Is this by any chance a Cloudguard VM in Azure/AWS?

There are a number of SK's where there is the following line:

      The following ports cannot be used: 444, 8082 and 8880.

I could not find why but it seems these ports have an internal use there.

Regards, Maarten
0 Kudos
Cihat_Bulut
Contributor
Contributor
‎2019-03-05 10:19 PM
In response to Maarten_Sjouw

I know it, but my system is appliance. You can test it on any appliance or in vm.

0 Kudos
Mark_Mitchell
Advisor
‎2019-03-06 08:47 AM
In response to Cihat_Bulut

It may be worth getting a TAC case raised to investigate further. Have you had a look at the implied rules to see if the traffic matches anyone of those? If I get time this evening, I'll have a further look for you.

Regards

Mark

0 Kudos
Mark_Mitchell
Advisor
‎2019-03-06 01:53 PM
In response to Cihat_Bulut

I had a quick check and I cannot see any implied rules that would cause your traffic to be blocked. 

If you have a hardware appliance with SecureXL on, you could try turning off SecureXL and seeing if you can see anything further within fw monitor. I would recommend just checking your current loading, as if you box is already highly utilized you will want to disable during a maintenance window. 

If you don't see anything further with SecureXL disabled, then I would suggest raising a TAC case. 

Regards

Mark

0 Kudos
Cihat_Bulut
Contributor
Contributor
‎2019-03-06 11:08 PM
In response to Mark_Mitchell

The exact scenario is;

GW External IP:8082 -> Static NAT -> Server internal IP:8082

I have tested in two different environment, one is fresh appliance and the other is in vm.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-03-06 06:13 PM
In response to Maarten_Sjouw

I belive those ports are used internally (specifically for MultiPortal).

As such they cannot be used in this context and a different port should be used.

0 Kudos
Cihat_Bulut
Contributor
Contributor
‎2019-03-06 11:44 PM
In response to PhoneBoy

You can use any port, but please document it. Because my customer spent 5 hours to discover this issue. At the end, replaced the port. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events