CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 4 of 4

Thread: Firewall blocking without rules

  1. #1
    Join Date
    2011-10-20
    Posts
    163
    Rep Power
    10

    Default Firewall blocking without rules

    I have the Application Control enabled.

    Some websites are being blocked, without showing the block message. The webpage only doesn't respond. The https inspection is not enabled.

    I run a fw ctl zdebug drop on the firewall and get a lot of logs "dropped by fwpslglue_chain Reason: PSL Reject: ASPII_MT;"

    I believe that this could be the problem, but how to solve?

  2. #2
    Join Date
    2011-10-20
    Posts
    163
    Rep Power
    10

    Default Re: Firewall blocking without rules

    It seems that the problem with the ISP, I made a route to another ISP that we have and the problem gone.

    Maybe some routes inside the ISP.

  3. #3
    Join Date
    2012-08-16
    Posts
    182
    Rep Power
    9

    Default Re: Firewall blocking without rules

    If you have application control enabled you should also enable usercheck to present users with a block/click through warning.

  4. #4
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,147
    Rep Power
    14

    Default Re: Firewall blocking without rules

    When the ISP is connected via a PPPoE connection you have an MTU issue, more and more websites are setting the DoNotFragment bit in the packets.
    The PPPoE header takes 8 bytes from the 1500 available bytes. So lower your MTU on the Firewalls interfaces and you should be ok.
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.

Similar Threads

  1. Writing Firewall Rules by Domain Name.
    By PTVenom in forum Firewall Policy Management Best Practices
    Replies: 4
    Last Post: 2014-03-02, 16:03
  2. Firewall Blocking H323 Traffic
    By Bergonse in forum Firewall Blade
    Replies: 2
    Last Post: 2014-02-26, 14:56
  3. Extract firewall rules
    By techsharp in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 5
    Last Post: 2010-05-17, 05:09
  4. Firewall Rules Lost
    By ds5879 in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 3
    Last Post: 2007-10-26, 18:22
  5. Windows Firewall Blocking Spyware Updates
    By Kurgen727 in forum Secure Access
    Replies: 0
    Last Post: 2006-11-15, 09:52

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •