2008-02-20
mdp_uk
Re: Smart Centre Server fails to connect to Enforcement points.

Hi, thanks for your advice. On the advice of Check Point I did the following debug on the enforcement points:

fw ctl zdebug -m fw + drop | grep 18191

Basically translated, debug cluster dropped packets with a filter for CPD packets.

It returned the IP address dropped, which when checked turned out to be the NAT address (it manages other VPN tunnel enforcement points) of the SCS.

Added the NAT address to the rule allowing communication with the FW and bingo!

Very strange as there has never been a rule allowing the NAT address to manage the FWs.

Check Point say it may be down to a possible file overwrite (corrupted) when the FW had an unclean shutdown and it's changed the way it is managed - Doesn't make any sense to me but I'll have to put it in the jar on the side with all the other "how the hell did that happen" faults I've had.

Thanks again for all your advice!!