We have a CP 6200P/R80.30 in a production environment, and earlier it was accessible via the internal interfaces (HTTPS/SSH). But suddenly, for the last few days, the internal interfaces are not accessible via ping, SSH, or HTTPS.
While taking a tcpdump we can see traffic is hitting the CP GW, but we are only able to see SEW flags.
Now we are only able to access the GW (SSH/HTTPS) via the public IP.
What might be the reasons for this type of issue? How can we resolve this?
What do you see in the logs in SmartConsole? Also, when you try this, can you run the zdebug command as well? For example, say you are pinging or ssh-ing from the 10.10.10.100 IP address, just run this command on the gateway -> fw ctl zdebug + drop | grep 10.10.10.100 and see what you get. Another thing to consider is, can you attempt to revert the policy to the time when this did work? I don't know if any changes were made, but something clearly happened since the last time it worked.
Any routing changes at all?
Andy
For fw ctl zdebug output we are not able to see any logs/drops.
In SmartConsole we can see accept logs for SSH and ping traffic going towards the internal (Check Point) interface IP.
In order to revert to the old policy, we don't know exactly when this stopped working.
Ok, I know this may be an extreme step, but to confirm 100% it's not policy, are you able to do fw unloadlocal on the gateway and see if the issue gets solved? If it does, then there is no doubt it's something in policy that was blocking it.
Thanks for your suggestions.
This firewall is currently in production, so fw unloadlocal is a less feasible option.
The only issue is that the monitoring tool is not able to connect properly and FW admins are not able to access it via the internal interfaces.
If there is any issue with the firewall policy, or packets are dropped by this FW kernel, then we should see those logs in SmartConsole and in the fw ctl zdebug +drop command, right?
Anything else we can try/check for this?
Can you attach fw monitor and tcpdump files when you are testing this and also indicate source/dst IP?
Cheers,
Andy
I am only assuming now, as you did not fully answer my question, it looks like traffic is "stuck" on eth4.1135 interface. What does this show -> ip r g x.x.x.x
where x.x.x.x is IP you are trying to access.
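An added example, not part of the thread: a small Python filter for the symptom in the opening post (SYNs reaching the gateway with no reply visible in the capture). It reads `tcpdump -nn` text output and lists flows whose SYN never received a SYN-ACK; the capture lines are constructed, and every address except the 10.10.10.100 example client is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn` text output (not taken from the thread).
# Flag letters as tcpdump prints them: S=SYN, .=ACK, E=ECN-Echo, W=CWR.
SAMPLE = """\
10:15:01.100001 IP 10.10.10.100.51514 > 10.10.20.1.22: Flags [SEW], seq 1000, win 64240, length 0
10:15:02.100101 IP 10.10.10.100.51514 > 10.10.20.1.22: Flags [SEW], seq 1000, win 64240, length 0
10:15:04.100201 IP 10.10.10.100.51514 > 10.10.20.1.22: Flags [S], seq 1000, win 64240, length 0
10:15:05.200001 IP 192.0.2.50.40222 > 203.0.113.10.443: Flags [S], seq 7000, win 64240, length 0
10:15:05.200301 IP 203.0.113.10.443 > 192.0.2.50.40222: Flags [S.], seq 9000, ack 7001, win 65160, length 0
10:15:05.200901 IP 192.0.2.50.40222 > 203.0.113.10.443: Flags [.], ack 9001, win 502, length 0
"""

# Matches "IP <src.port> > <dst.port>: Flags [<letters>]"
LINE = re.compile(r"IP (\S+) > (\S+): Flags \[([A-Za-z.]+)\]")


def unanswered_syns(capture_text):
    """Return {(client, server): syn_count} for flows whose SYN got no SYN-ACK."""
    syns = defaultdict(int)
    answered = set()
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = m.groups()
        if "S" not in flags:
            continue  # not part of the handshake opening
        if "." in flags:
            # SYN+ACK travels server -> client, so store it client-first.
            answered.add((dst, src))
        else:
            # Bare SYN; E/W only mean the client offered ECN.
            syns[(src, dst)] += 1
    return {flow: n for flow, n in syns.items() if flow not in answered}


if __name__ == "__main__":
    for (client, server), count in unanswered_syns(SAMPLE).items():
        print(f"{client} -> {server}: {count} SYN(s), no SYN-ACK captured")
```

A flow listed here only means no SYN-ACK was captured on that interface; the route lookup requested in the last reply (`ip r g`) shows which interface the gateway would use for the return packet.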