PDA

View Full Version : Problem Accessing Microsoft shares through the Firewall



slocmiester
2009-04-24, 05:59
We cannot access a net share from a client on a server that is the other side of our NokiaIP380/CheckpointR65 firewall appliance. This is only a problem from a particular VLAN. We have done a wireshark network trace of both the successful and unsuccessful connection attempts (using command "net view servername"), and can see that the connection handshake seems to fail after the client sends an SMB "read AndX request" to the server. At this point on the working client, the server sends back a "TCP DUP Ack" to the client On the failing client the TCP DUP Ack is not recieved by the client, and the client then sends out 4 SMB retransmission "AndX Requests" before failing to connect to the server shares. Any help would be most appreciated

simon
2009-04-24, 14:23
Hi slocmiester,

It is hard to say what the actual problem is without more details.

What I would recommend you to to is:

Check SmartDefense settings. Every CIFS relevant protection should be tracked (log/alert)
Check for SmartDefense drops in SmartView Tracker
Check sk30905 (https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30905) this might fix your problem

Thorpuse
2009-04-24, 20:21
Also try and connect using the IP address and not the ServerName.

Kiwi_wgtn
2009-05-27, 19:51
I had to set "Block Samba SMB Packet Parsing Buffer Overflow" to monitor only. My was windows SQL doing automatic log shipping. I got a few cases that even in monitor more confections break.


just disable 3 p2p protections in R70 as it stopped checkpoint own managments protocols. and other encrypted traffic.