CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Not passing traffic

  1. #1
    Join Date
    2008-12-05
    Posts
    4
    Rep Power
    0

    Not passing traffic

    Hi everyone,

    I recently upgraded an R55 box running on Solaris to a SPLAT box running R65. After reestablishing SIC and rebuilding the topology I am unable to get traffic to pass thru the firewall. I see all the good traffic entering on whichever interface and the firewall is processing the rules appropriately. The firewall just doesn't seem to push the traffic from inside to outside or from one interface to another.

    Any ideas? ARP tables on all attached Cisco devices were cleared and routing tables look fine. From the FW I can push traffic out each interface too.

    Thanks in advance.

  2. #2
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,147
    Rep Power
    14

    Re: Not passing traffic

    Quote (originally posted by awalt1279):
    After reestablishing SIC and rebuilding the topology I am unable to get traffic to pass thru the firewall.

    What I'm missing in this part is the obvious policy push?
    If that has been done, have you updated the topology in the Dashboard object (Interface names have changed most probably).
    All spoofing will be active when the interface names are not correct.
    Probably easiest to edit them manually!!
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.

  3. #3
    Join Date
    2008-12-05
    Posts
    4
    Rep Power
    0

    Re: Not passing traffic

    Yes. All that is complete. Interfaces have been renamed, etc...

  4. #4
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,494
    Rep Power
    17

    Re: Not passing traffic

    So your routing tables look OK - did you also check that the firewall can see ARP entries for all of the gateways it's trying to route traffic to?

  5. #5
    Join Date
    2008-12-05
    Posts
    4
    Rep Power
    0

    Re: Not passing traffic

    Quote (originally posted by northlandboy):
    So your routing tables look OK - did you also check that the firewall can see ARP entries for all of the gateways it's trying to route traffic to?

    Yep. That's the first thing I checked.

  6. #6
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,147
    Rep Power
    14

    Re: Not passing traffic

    Do a netstat -rn on the old SUN system and see how the routing table looks and compare it to the same command output on the SPLAT.
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.
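
The routing-table comparison suggested in post #6, as an added example that is not part of the original thread: it parses saved `netstat -rn` output from the Solaris box and the SPLAT box and reports gateway routes that are missing, changed, or new. Both sample tables, their addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample outputs (not from the thread). Solaris `netstat -rn`
# prints no netmask column, so routes are matched on destination only.
OLD_SOLARIS = """\
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
10.1.1.0             10.1.1.1             U         1     12 hme0
192.168.50.0         10.1.1.254           UG        1      3
10.20.0.0            10.1.1.254           UG        1      7
default              203.0.113.1          UG        1     88
127.0.0.1            127.0.0.1            UH        2     40 lo0
"""
NEW_SPLAT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.20.0.0       10.1.1.253      255.255.0.0     UG        0 0          0 eth0
0.0.0.0         203.0.113.1     0.0.0.0         UG        0 0          0 eth1
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def gateway_routes(netstat_output):
    """Return {destination: gateway} for routes carrying the G (gateway) flag."""
    routes = {}
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        dest = "0.0.0.0" if fields[0] == "default" else fields[0]
        gw = fields[1]
        if not (IPV4.match(dest) and IPV4.match(gw)):
            continue  # header, separator or non-IPv4 line
        # Flags are the 3rd column on Solaris, the 4th (after Genmask) on Linux.
        flags = next((f for f in fields[2:4] if f.isalpha()), "")
        if "G" in flags:  # connected and loopback routes are listed differently per OS
            routes[dest] = gw
    return routes

def compare_routes(old_output, new_output):
    """Report routes missing from, changed on, or only present on the new box."""
    old, new = gateway_routes(old_output), gateway_routes(new_output)
    return {
        "missing": sorted(d for d in old if d not in new),
        "changed": sorted(d for d in old if d in new and old[d] != new[d]),
        "extra": sorted(d for d in new if d not in old),
    }

if __name__ == "__main__":
    for kind, dests in compare_routes(OLD_SOLARIS, NEW_SPLAT).items():
        print(f"{kind}: {', '.join(dests) or 'none'}")
```

Because the Solaris output carries no mask column, a route whose destination and gateway match can still differ in prefix length; check those by hand against the Genmask column on the SPLAT side.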

  7. #7
    Join Date
    2008-12-05
    Posts
    4
    Rep Power
    0

    Re: Not passing traffic

    Quote (originally posted by msjouw):
    Do a netstat -rn on the old SUN system and see how the routing table looks and compare it to the same command output on the SPLAT.

    I actually use a script to load the routes. Script is the same on both.

  8. #8
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,494
    Rep Power
    17

    Re: Not passing traffic

    Run fw monitor.

  9. #9
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,147
    Rep Power
    14

    Re: Not passing traffic

    fw monitor indeed and fw ctl zdebug drop
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.
