CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Random internet connectivity issues with S@O 1000

  1. #1

    Hello - I have many of these devices running in multiple locations. A few sites are using the (very very old) Nokia IP60 appliances, a few are running S@O 500-series appliances and most of the remote sites are running 1000-series appliances. All traffic routed through the S2S tunnels experiences no issues. Traffic from the internal network to the internet is randomly not passed correctly. For example, for ANY website, the user will be browsing the web just fine and suddenly the endpoint hangs waiting on a DNS response. If the user cancels the request and refreshes the page (sometimes 5-7 times) the request goes through and all is well, else the user receives a timeout message from the browser. This issue occurs for ANY device behind the S@O 1000 units with requests being sent to the internet. While the browsers (IE/Safari/Chrome/Firefox) are experiencing issues, I'm still able to do nslookups using the same DNS server as the client is trying to use. In reviewing the logs, there are no specific conversations that are logged as being blocked by the appliance. I have set the firewall security level (Security --> firewall tab) to low. I have gone through the SmartDefense wizard (security --> smartdefense tab) and set that to minimum. I've tried creating rules that allow all outbound traffic from a specific client (even though setting the firewall security level to low allows all outbound traffic), and even gone as far as to temporarily allow an any-any inbound rule to allow traffic, still with the same result of random connectivity to at least 2 public services: DNS & NTP. I've tried using multiple public DNS servers and multiple public NTP servers... all of the servers I've tried eventually respond, but the responses are intermittent and frustrating.

    I have tried multiple devices behind these S@O 1000-series appliances and all are experiencing the same issues; some examples of devices I've tried are Mac, Windows, Windows Server (2008/2012/2012R2), VMware ESXi6 (struggles getting NTP constantly), AppleTV (can't get NTP replies and hangs), Synology NAS units struggle to resolve the update server addresses and are unable to get updates (simple HTTP request)... eventually the updates come through and all is well, but it takes hours or days to have the units connect to their update servers. I've also tried factory resetting the S@O devices, and only using default settings, and still experience the same issues, so I don't believe my specific configuration to be the cause. I've also replaced the S@O devices with a Netgear unit from Best Buy and all is well, but they don't support S2S VPN....

    The S@O units are running 8.2.64

    Thanks in advance & any assistance you can provide would be greatly appreciated.

    Nick

  2. #2

    I just tried upgrading to 8.2.77 (released on 7/20/15) and even though the release notes didn't say anything about this specific issue, I figured I'd try out the new firmware.

    Still experiencing the same; random connectivity issues.

    Thanks again for any assistance in advance!
    Nick
