CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Not passing traffic

  1. #1
    Join Date
    2008-12-05
    Posts
    4
    Rep Power
    0

    Not passing traffic

    Hi everyone,

    I recently upgraded an R55 box running on Solaris to a SPLAT box running R65. After reestablishing SIC and rebuilding the topology I am unable to get traffic to pass thru the firewall. I see all the good traffic entering on whichever interface and the firewall is processing the rules appropriately. The firewall just doesn't seem to push the traffic from inside to outside or from one interface to another.

    Any ideas? ARP tables on all attached Cisco devices were cleared and routing tables look fine. From the FW I can push traffic out each interface too.

    Thanks in advance.

  2. #2
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,146
    Rep Power
    13

    Re: Not passing traffic

    Originally posted by awalt1279:
    > After reestablishing SIC and rebuilding the topology I am unable to get traffic to pass thru the firewall.
    What I'm missing in this part is the obvious policy push?
    If that has been done, have you updated the topology in the Dashboard object (interface names have most probably changed)?
    All spoofing will be active when the interface names are not correct.
    Probably easiest to edit them manually!!
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.

  3. #3
    Join Date
    2008-12-05
    Posts
    4
    Rep Power
    0

    Re: Not passing traffic

    Yes. All that is complete. Interfaces have been renamed, etc...

  4. #4
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,494
    Rep Power
    16

    Re: Not passing traffic

    So your routing tables look OK - did you also check that the firewall can see ARP entries for all of the gateways it's trying to route traffic to?

  5. #5
    Join Date
    2008-12-05
    Posts
    4
    Rep Power
    0

    Re: Not passing traffic

    Originally posted by northlandboy:
    > So your routing tables look OK - did you also check that the firewall can see ARP entries for all of the gateways it's trying to route traffic to?
    Yep. That's the first thing I checked.

  6. #6
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,146
    Rep Power
    13

    Re: Not passing traffic

    Do a netstat -rn on the old SUN system and see how the routing table looks and compare it to the same command output on the SPLAT.
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.

  7. #7
    Join Date
    2008-12-05
    Posts
    4
    Rep Power
    0

    Re: Not passing traffic

    Originally posted by msjouw:
    > Do a netstat -rn on the old SUN system and see how the routing table looks and compare it to the same command output on the SPLAT.
    I actually use a script to load the routes. Script is the same on both.

  8. #8
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,494
    Rep Power
    16

    Re: Not passing traffic

    Run fw monitor.

  9. #9
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,146
    Rep Power
    13

    Re: Not passing traffic

    fw monitor indeed and fw ctl zdebug drop
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.
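
The routing-table comparison suggested in post #6, as an added example that is not part of the thread: it parses saved `netstat -rn` output from the old Solaris host and the new SPLAT host and reports gateway routes that are missing, extra, or pointing at a different next hop. The sample outputs, their column layouts and the function names are constructed assumptions; because the Solaris sample has no netmask column, routes are compared by destination and gateway only.

```python
import ipaddress

# Constructed sample outputs (not from the thread); documentation address ranges.
SOLARIS_NETSTAT = """\
  Destination           Gateway           Flags  Ref   Use   Interface
192.0.2.0            192.0.2.1            U         1     12 hme0
10.2.0.0             192.0.2.254          UG        1      0
10.3.0.0             192.0.2.254          UG        1      0
default              198.51.100.1         UG        1     40
"""

LINUX_NETSTAT = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.3.0.0        192.0.2.253     255.255.0.0     UG        0 0          0 eth0
0.0.0.0         198.51.100.1    0.0.0.0         UG        0 0          0 eth1
"""

def _ip(tok):
    try:
        return str(ipaddress.IPv4Address(tok))
    except ValueError:
        return None

def gateway_routes(text):
    """Return {destination: gateway} for routes carrying the G flag.
    Connected routes are skipped because the two systems print them differently."""
    routes = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3:
            continue
        dest = "0.0.0.0" if f[0] == "default" else _ip(f[0])
        gw = _ip(f[1])
        if dest is None or gw is None:
            continue  # header or separator line
        # Linux prints a Genmask column before Flags; the Solaris sample does not.
        flags = f[3] if _ip(f[2]) and len(f) > 3 else f[2]
        if "G" in flags:
            routes[dest] = gw
    return routes

def compare(old_text, new_text):
    old, new = gateway_routes(old_text), gateway_routes(new_text)
    missing = sorted(old.keys() - new.keys())
    extra = sorted(new.keys() - old.keys())
    changed = sorted(d for d in old.keys() & new.keys() if old[d] != new[d])
    return {"missing_on_new": missing, "extra_on_new": extra, "gateway_changed": changed}
```

Calling `compare()` on the two saved outputs shows whether a route-loading script that is identical on both hosts actually produced the same table on each.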
