CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Thread: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

  1. #1
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    642
    Rep Power
    5

    Default Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Hi guys,

    We're now on our 3rd Fortigate cluster being deployed. All three clusters are running 5.4.5 (FortiOS) and are connecting to DataCenter where Checkpoint 5400 using R77.30 sits.

    All three IPSEC tunnels behave the same, packets being dropped by Checkpoint with the following reasons:
    - dropped by vpn_encrypt_chain Reason: No error; if SecureXL is turned off
    - dropped by do_outbound, Reason: encryption failed; if SecureXL is turned on

    I am posting these messages so that someone else may find them later.

    [Expert@MACH-001C:0]# fw ctl zdebug + drop | grep 172.17.13

    ;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 172.17.120.188:19142 -> 172.17.131.11:60715 dropped by vpn_encrypt_chain Reason: No error;
    ;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=17 172.17.120.71:67 -> 172.17.131.11:68 dropped by vpn_encrypt_chain Reason: No error;
    ;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 172.17.120.90:3128 -> 172.17.131.12:60824 dropped by vpn_encrypt_chain Reason: No error;
    ;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 172.17.120.90:3128 -> 172.17.131.12:60823 dropped by vpn_encrypt_chain Reason: No error;


    After 2 months of troubleshooting, CP TAC provided these logs, which show that the Fortigates do delete the SPIs:

    [ 12869][19 Oct 8:24:30][CPLOG_BIN_OBJ] CBinObjCommon::PackLogData: Field number:5, Data offset:22, Type:int32 Number, Value:1160329220
    [ 12869][19 Oct 8:24:30][CPLOG_BIN_OBJ] CBinObjCommon::PackLogData: Field number:5, Data offset:22, Type:eFtCstring, Value:IKE
    [ 12869][19 Oct 8:24:30][CPLOG_BIN_OBJ] CBinObjCommon::PackLogData: Field number:6, Data offset:23, Type:eFtCstring, Value:Informational Exchange Received Delete IPSEC-SA from Peer: 69.41.56.4; SPIs: c910faec
    [ 12869][19 Oct 8:24:30][CPLOG_BIN_OBJ] CBinObjCommon::PackLogData: Field number:7, Data offset:45, Type:eFtCstring, Value:
    [ 12869][19 Oct 8:24:30][CPLOG_BIN_OBJ] CBinObjCommon::PackLogData: Field number:8, Data offset:46, Type:eFtCstring, Value:
    [ 12869][19 Oct 8:24:30][CPLOG_BIN_OBJ] CBinObjCommon::PackLogData: Field number:9, Data offset:47, Type:eFtCstring, Value:82860dae


    The packet capture shows that after the first three messages, where the SPIs are agreed, Checkpoint sends this malformed packet:

    [Attached image: Capture.jpg]

    Do you have any idea what this Malformed Quick Mode packet means?

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,088
    Rep Power
    12

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Need to see overall packet flow of Quick Mode to know more. Are you saying that Phase 1 completes (6 packets), then Quick Mode/Phase 2 completes (3 packets) and then the malformed packet occurs?

    Malformed packet in Phase 1 generally means the PSK does not match on both ends, in the context of Phase 2 I'd guess that there are different DH groups selected for PFS. Can you disable PFS temporarily on both sides and see if it helps?

    Also in general Fortinets (and Sonicwall/Juniper too) must have an EXACT match for the subnets/Proxy-IDs proposed to them in phase 2, matching subsets are not allowed as they would be for Check Point & Cisco. That could also be why Phase 2 is having problems.
    --
    My Book "Max Power: Check Point Firewall Performance Optimization"
    Second Edition Coming Soon

  3. #3
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    642
    Rep Power
    5

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Quote Originally Posted by ShadowPeak.com View Post
    Need to see overall packet flow of Quick Mode to know more. Are you saying that Phase 1 completes (6 packets), then Quick Mode/Phase 2 completes (3 packets) and then the malformed packet occurs?

    Malformed packet in Phase 1 generally means the PSK does not match on both ends, in the context of Phase 2 I'd guess that there are different DH groups selected for PFS. Can you disable PFS temporarily on both sides and see if it helps?

    Also in general Fortinets (and Sonicwall/Juniper too) must have an EXACT match for the subnets/Proxy-IDs proposed to them in phase 2, matching subsets are not allowed as they would be for Check Point & Cisco. That could also be why Phase 2 is having problems.
    I just uploaded the capture file along with the cookie/enc keys.

    ikev1_decryption_table.txt wan1.pcap.txt

    The tunnel gets established and traffic is flowing back and forth. It's just that some of the traffic (1-2%) is being dropped.

    To easily follow the traffic path issue, please look at messages
    142, 145, 146, when the SPI is being negotiated, and then 149, when that "extra malformed packet" is being sent.

  4. #4
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,088
    Rep Power
    12

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Quote Originally Posted by laf_c View Post
    I just uploaded the capture file along with the cookie/enc keys.

    ikev1_decryption_table.txt wan1.pcap.txt

    The tunnel gets established and traffic is flowing back and forth. It's just that some of the traffic (1-2%) is being dropped.

    To easily follow the traffic path issue, please look at messages
    142, 145, 146, when the SPI is being negotiated, and then 149, when that "extra malformed packet" is being sent.
    Just because an external entity like Wireshark thinks a packet is malformed when encryption is involved is not enough to go on. Your packet capture doesn't help much because all Quick mode negotiations are encrypted.

    Please provide the ike.elg file produced after running vpn debug ikeon, reproduce the problem, vpn debug ikeoff.

    Also are you using "pair of hosts" under VPN Tunnel Sharing in the VPN community? This will cause lots of Phase 2 tunnels to get generated, some of which may not match the policy on the Fortinet and get rejected. Effect will be some traffic flows fine other traffic does not.
    --
    My Book "Max Power: Check Point Firewall Performance Optimization"
    Second Edition Coming Soon
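The two replies above, on exact Proxy-ID matching and on "pair of hosts" tunnel sharing, describe one effect: the selector pair proposed in Phase 2 depends on the tunnel sharing mode, and a peer that insists on an exact match rejects pairs that a subset-tolerant peer accepts. The following is an added example, not code from the thread or from either vendor, that models the matching rule as the posts describe it; the subnet masks, the configured selector list and the third flow are constructed assumptions.

```python
import ipaddress

# Constructed data: the thread gives sample addresses but not the masks or the
# Phase 2 selectors actually configured, so these subnets are assumptions.
CP_DOMAIN = ["172.17.120.0/24", "172.17.125.0/24"]    # behind the Check Point
FG_DOMAIN = ["172.17.131.0/24", "172.17.132.0/24"]    # behind the Fortigate
# Selector pairs (Check Point side, Fortigate side) configured on the Fortigate.
FG_SELECTORS = [("172.17.120.0/24", "172.17.131.0/24"),
                ("172.17.125.0/24", "172.17.132.0/24")]


def _net(cidr):
    return ipaddress.ip_network(cidr)


def _containing(ip, domain):
    """Return the subnet of `domain` that holds `ip`, or None."""
    addr = ipaddress.ip_address(ip)
    return next((_net(c) for c in domain if addr in _net(c)), None)


def proposal(src, dst, sharing):
    """Proxy-ID pair the initiator would propose for one flow.

    sharing is "hosts" (one tunnel per pair of hosts) or "subnets"
    (one tunnel per subnet pair), the two modes named in the thread.
    """
    if sharing == "hosts":
        return _net(src + "/32"), _net(dst + "/32")
    if sharing == "subnets":
        local, remote = _containing(src, CP_DOMAIN), _containing(dst, FG_DOMAIN)
        if local is None or remote is None:
            raise ValueError("flow is outside the encryption domains")
        return local, remote
    raise ValueError("unknown tunnel sharing mode: " + sharing)


def accepted(prop, selectors, exact):
    """exact=True: the pair must equal a configured pair.
    exact=False: a pair that falls inside a configured pair is enough."""
    for cfg_local, cfg_remote in ((_net(a), _net(b)) for a, b in selectors):
        if exact and prop == (cfg_local, cfg_remote):
            return True
        if not exact and prop[0].subnet_of(cfg_local) and prop[1].subnet_of(cfg_remote):
            return True
    return False


def check_flows(flows, sharing, selectors=FG_SELECTORS):
    """Return (src, dst, proposal, exact_ok, subset_ok) for each flow."""
    rows = []
    for src, dst in flows:
        prop = proposal(src, dst, sharing)
        rows.append((src, dst, prop,
                     accepted(prop, selectors, exact=True),
                     accepted(prop, selectors, exact=False)))
    return rows


# First two flows use addresses from the drop log; the third is constructed.
FLOWS = [("172.17.120.188", "172.17.131.11"),
         ("172.17.125.25", "172.17.132.232"),
         ("172.17.120.90", "172.17.132.5")]

if __name__ == "__main__":
    for mode in ("subnets", "hosts"):
        for src, dst, prop, exact_ok, subset_ok in check_flows(FLOWS, mode):
            print(f"{mode:8} {src} -> {dst}  proposes {prop[0]} <-> {prop[1]}  "
                  f"exact-match peer: {'accept' if exact_ok else 'REJECT'}, "
                  f"subset-tolerant peer: {'accept' if subset_ok else 'REJECT'}")
```

With these assumed selectors, host-pair sharing is rejected by an exact-match peer for every flow, and subnet-pair sharing fails only for the subnet combination that has no configured selector, which is the "some traffic flows fine, other traffic does not" effect.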

  5. #5
    Join Date
    2006-04-27
    Location
    Twillight zone
    Posts
    999
    Rep Power
    12

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Not sure if this critical problem for you at this point, but if you are under pressure to get it working you could try with following:

    Global Properties > SmartDashboard Customization > Configure > VPN Advanced Properties > VPN IKE Properties >Select ike_handle_initial_contact, ike_send_initial_contact, and keep_IKE_SAs > Install Policy.

  6. #6
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    642
    Rep Power
    5

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Quote Originally Posted by ShadowPeak.com View Post
    Just because an external entity like Wireshark thinks a packet is malformed when encryption is involved is not enough to go on. Your packet capture doesn't help much because all Quick mode negotiations are encrypted.

    Please provide the ike.elg file produced after running vpn debug ikeon, reproduce the problem, vpn debug ikeoff.

    Also are you using "pair of hosts" under VPN Tunnel Sharing in the VPN community? This will cause lots of Phase 2 tunnels to get generated, some of which may not match the policy on the Fortinet and get rejected. Effect will be some traffic flows fine other traffic does not.
    vpn debug was collected by CP TAC about 1 month ago (for the record, this is now a 2-month-old case). I'll try to find it in the case attachments.
    Until last week we ran in traditional mode on the CP gateway and I had HIGH hopes that simplified mode would solve it. It was not the case :(. Now on the community I am using One VPN tunnel per subnet pair.

    Fortigate usually shows between 4 and 6 "Phase 2 associations", depending on the time of day.

    Some other global info:
    - we experience this issue between 3 Fortinet clusters and this CP cluster
    - the Fortinet boxes vary in both SW version and HW model
    - the same Fortinet boxes have site-to-site tunnels to other CP models (one using traditional mode and others using simplified), but none of these "pairs" reports a similar error.

    Thanks for your time (everyone)!

    Later edit: for the capture attached, I also included the ENC keys of the session so everyone should be able to read it in plain text.
    Last edited by laf_c; 2017-10-25 at 15:07.

  7. #7
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    642
    Rep Power
    5

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Quote Originally Posted by abusharif View Post
    Not sure if this critical problem for you at this point, but if you are under pressure to get it working you could try with following:

    Global Properties > SmartDashboard Customization > Configure > VPN Advanced Properties > VPN IKE Properties >Select ike_handle_initial_contact, ike_send_initial_contact, and keep_IKE_SAs > Install Policy.
    I am not sure what each setting does, but we currently have all options ticked except ike_send_initial_contact.

    Will this help significantly?

  8. #8
    Join Date
    2006-04-27
    Location
    Twillight zone
    Posts
    999
    Rep Power
    12

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Quote Originally Posted by laf_c View Post
    I am not sure what each setting does, but we currently have all options ticked except ike_send_initial_contact.

    Will this help significantly?
    These are used when you have a 3rd party that is not respecting the handling of SAs requested by the other side (if, for example, one side said delete SA and the other one just ignores it).
    I've seen this in a few cases, the latest a few weeks ago, where timers and settings were 100% correct on both sides; even then the remote side just ignored it, causing the tunnels to break now and then (mostly with the default 3600s timeout).
    Word of caution tho, unless your environment permits you to "test around": this is a global setting, so it will affect all of your tunnels. Should have clarified this in the first post (even tho it's implicit by being in "global properties"). Those 3 variables are tied together, so all 3 should be enabled.
    Somewhat more info about it here: http://dl3.checkpoint.com/paid/ee/VP...perability.pdf (and yes, it's still relevant even tho the document is old)

  9. #9
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    642
    Rep Power
    5

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Quote Originally Posted by abusharif View Post
    These are used when you have a 3rd party that is not respecting the handling of SAs requested by the other side (if, for example, one side said delete SA and the other one just ignores it).
    I've seen this in a few cases, the latest a few weeks ago, where timers and settings were 100% correct on both sides; even then the remote side just ignored it, causing the tunnels to break now and then (mostly with the default 3600s timeout).
    Word of caution tho, unless your environment permits you to "test around": this is a global setting, so it will affect all of your tunnels. Should have clarified this in the first post (even tho it's implicit by being in "global properties"). Those 3 variables are tied together, so all 3 should be enabled.
    Somewhat more info about it here: http://dl3.checkpoint.com/paid/ee/VP...perability.pdf (and yes, it's still relevant even tho the document is old)
    Seems I cannot download it; I asked the case owner to give me more info and maybe the document.

    I'll keep you posted, guys!

  10. #10
    Join Date
    2006-04-27
    Location
    Twillight zone
    Posts
    999
    Rep Power
    12

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Quote Originally Posted by laf_c View Post
    Seems I cannot download it; I asked the case owner to give me more info and maybe the document.

    I'll keep you posted, guys!
    Try this one:
    downloads.checkpoint.com/dc/download.htm?ID=7853

  11. #11
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,016
    Rep Power
    13

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Quote Originally Posted by abusharif View Post
    Try this one:
    downloads.checkpoint.com/dc/download.htm?ID=7853
    Oh boy, this is a VERY old document...
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  12. #12
    Join Date
    2006-04-27
    Location
    Twillight zone
    Posts
    999
    Rep Power
    12

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Quote Originally Posted by varera View Post
    Oh boy, this is a VERY old document...
    Indeed it is, but in this specific case, for retaining SPIs, the procedure is the same all the way up to and including R80.10, so it should be fine :p

  13. #13
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    642
    Rep Power
    5

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Any idea if vpn debug on mon command can be used on R77.30 or newer? I just tried it but didn't work.

    I also attached the ike.elg file ike.elg.txt and the traffic captured after deleting the "trouble tunnel".
    69.41.56.4 is the Fortigate gateway that we're having issues with.

    Any hint to solve this is greatly valued.

    Yesterday I gave it a try and migrated one tunnel between Fortigate and CP to ikev2, but the errors/behavior are the same.

  14. #14
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,480
    Rep Power
    8

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Are both sides set up for certificate-based VPN instead of PSK? Is that correct? Looks like a cert issue right now.

  15. #15
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    642
    Rep Power
    5

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Quote Originally Posted by jflemingeds View Post
    Are both sides set up for certificate-based VPN instead of PSK? Is that correct? Looks like a cert issue right now.
    Nope - both sides are using PSK. Where did you get that cert issue?

  16. #16
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,480
    Rep Power
    8

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    oops, loaded wrong IKE.elg file. ignore!

    Nothing to see here! .. um... yet! :D

  17. #17
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,088
    Rep Power
    12

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Quote Originally Posted by laf_c View Post
    Any idea if vpn debug on mon command can be used on R77.30 or newer? I just tried it but didn't work.

    I also attached the ike.elg file ike.elg.txt and the traffic captured after deleting the "trouble tunnel".
    69.41.56.4 is the Fortigate gateway that we're having issues with.

    Any hint to solve this is greatly valued.

    Yesterday I gave it a try and migrated one tunnel between Fortigate and CP to ikev2, but the errors/behavior are the same.
    OK looked at the IKE.elg with ikeview, couple of observations in order of likelihood:

    1) There are multiple Phase 2 tunnels starting for all the different combinations of subnets/Proxy-IDs. I find it interesting that as soon as you get 5 successful IPSEC Phase 2 tunnels (that were proposed by your firewall) the Fortinet immediately invalidates one of them (usually the oldest one) with the Delete SA notification. There are not any overlaps between both subnets in the various SAs so I don't think it is a matter of trying to aggregate multiple smaller subnets into one big tunnel. It is like there is some kind of limit being enforced as far as the number of Phase 2 tunnels allowed on the Fortinet side per peer or per IKE Phase1 tunnel. I took a look in the Fortinet documentation and can't seem to find any reference to this, you may want to ask Fortinet support about it. It's just weird that things come to a screeching halt at exactly 5 Phase 2 tunnels over and over again, is this a very small or SOHO Fortinet hardware model?

    2) The Fortinet is requesting DPD in IKE Phase 1 but the Check Point doesn't appear to be letting him have it. It is possible that all the delete SAs are DPD getting pissed off on the Fortinet side because it is not getting an answer from the Check Point and it is immediately declaring the Phase 2 tunnels dead. Try enabling DPD for this VPN on the Check Point, the way you do it is enable Permanent Tunnels in the VPN Community settings then follow the "Permanent Tunnel based on DPD mode" instructions in sk97746 which involves GUIdbedit. Or alternatively try turning off DPD on the Fortinet end and see what happens.

    3) It is possible (though unlikely) that you are somehow running afoul of Replay Detection on the Fortinet end. Try turning it off.
    --
    My Book "Max Power: Check Point Firewall Performance Optimization"
    Second Edition Coming Soon
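Observation 1 above (a Delete SA arriving as soon as the fifth Phase 2 tunnel is up, usually for the oldest one) can be checked mechanically once the events are extracted. The following is an added example, not part of the original post and not a Check Point tool: it replays a list of Phase 2 events and reports, for each delete, how many SAs the peer held and whether the deleted one was the oldest. The `EST`/`DEL` line format, the timestamps and every SPI except c910faec are constructed assumptions.

```python
from collections import OrderedDict, defaultdict
from dataclasses import dataclass

# Constructed events, one per line: "<time> <EST|DEL> <peer> <spi>".
# This format is an assumption for the example, not ike.elg syntax. Only the
# peer address and the SPI c910faec come from the thread. Each Phase 2 SA is
# tracked by a single SPI here, which is a simplification.
SAMPLE_EVENTS = """\
08:20:01 EST 69.41.56.4 c910faec
08:20:05 EST 69.41.56.4 a1000002
08:21:10 EST 69.41.56.4 a1000003
08:22:40 EST 69.41.56.4 a1000004
08:24:29 EST 69.41.56.4 a1000005
08:24:30 DEL 69.41.56.4 c910faec
08:25:02 EST 69.41.56.4 a1000006
08:25:02 DEL 69.41.56.4 a1000002
08:31:00 EST 69.41.56.4 a1000007
08:31:01 DEL 69.41.56.4 a1000003
"""


@dataclass
class DeleteObservation:
    when: str
    peer: str
    spi: str
    live_before: int   # SAs tracked for this peer when the delete arrived
    known: bool        # False if the SA was set up before the events start
    was_oldest: bool   # True if the deleted SA was the oldest one tracked


def replay(events_text):
    """Replay EST/DEL events and return one observation per delete."""
    live = defaultdict(OrderedDict)   # peer -> {spi: time}, oldest first
    observations = []
    for line in events_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] not in ("EST", "DEL"):
            continue                  # skip blank or malformed lines
        when, kind, peer, spi = parts
        spi = spi.lower()
        sas = live[peer]
        if kind == "EST":
            sas[spi] = when
            continue
        known = spi in sas
        oldest = next(iter(sas), None)
        observations.append(DeleteObservation(
            when, peer, spi, len(sas), known, known and spi == oldest))
        sas.pop(spi, None)
    return observations


def suspected_cap(observations, min_repeats=3):
    """Peers whose deletes always arrived at the same SA count.

    Returns {peer: count} only when at least `min_repeats` deletes of known
    SAs were seen and every one happened at the same number of live SAs.
    """
    per_peer = defaultdict(list)
    for obs in observations:
        if obs.known:
            per_peer[obs.peer].append(obs.live_before)
    return {peer: counts[0] for peer, counts in per_peer.items()
            if len(counts) >= min_repeats and len(set(counts)) == 1}


if __name__ == "__main__":
    seen = replay(SAMPLE_EVENTS)
    for obs in seen:
        print(f"{obs.when} peer {obs.peer} deleted {obs.spi}: "
              f"{obs.live_before} SAs live, oldest={obs.was_oldest}")
    print("suspected per-peer limit:", suspected_cap(seen))
```

A Delete SA that follows a rekey of the same subnet pair is normal, so on real data the events would also need the Proxy-IDs in order to separate rekey clean-up from the fixed-count pattern described in the post.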

  18. #18
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    642
    Rep Power
    5

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Quote Originally Posted by ShadowPeak.com View Post
    OK looked at the IKE.elg with ikeview, couple of observations in order of likelihood:

    1) There are multiple Phase 2 tunnels starting for all the different combinations of subnets/Proxy-IDs. I find it interesting that as soon as you get 5 successful IPSEC Phase 2 tunnels (that were proposed by your firewall) the Fortinet immediately invalidates one of them (usually the oldest one) with the Delete SA notification. There are not any overlaps between both subnets in the various SAs so I don't think it is a matter of trying to aggregate multiple smaller subnets into one big tunnel. It is like there is some kind of limit being enforced as far as the number of Phase 2 tunnels allowed on the Fortinet side per peer or per IKE Phase1 tunnel. I took a look in the Fortinet documentation and can't seem to find any reference to this, you may want to ask Fortinet support about it. It's just weird that things come to a screeching halt at exactly 5 Phase 2 tunnels over and over again, is this a very small or SOHO Fortinet hardware model?

    2) The Fortinet is requesting DPD in IKE Phase 1 but the Check Point doesn't appear to be letting him have it. It is possible that all the delete SAs are DPD getting pissed off on the Fortinet side because it is not getting an answer from the Check Point and it is immediately declaring the Phase 2 tunnels dead. Try enabling DPD for this VPN on the Check Point, the way you do it is enable Permanent Tunnels in the VPN Community settings then follow the "Permanent Tunnel based on DPD mode" instructions in sk97746 which involves GUIdbedit. Or alternatively try turning off DPD on the Fortinet end and see what happens.

    3) It is possible (though unlikely) that you are somehow running afoul of Replay Detection on the Fortinet end. Try turning it off.
    1) We have three Fortigate clusters: 2x 100D and 1x 60E. I can't call the 100D SOHO, but I'll ask Fortinet support about any limitation.

    2) I have disabled DPD on the 60E, and I have had it disabled on the 100D for some time. Same output! In light of this result, does it make sense to spend time enabling DPD on both Fortigate and CP according to sk97746?

    3) I am not sure what you meant to say here. I can disable replay detection on the Fortigate if this is the case...

  19. #19
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,088
    Rep Power
    12

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Quote Originally Posted by laf_c View Post
    1) We have three Fortigate clusters: 2x 100D and 1x 60E. I can't call the 100D SOHO, but I'll ask Fortinet support about any limitation.

    2) I have disabled DPD on the 60E, and I have had it disabled on the 100D for some time. Same output! In light of this result, does it make sense to spend time enabling DPD on both Fortigate and CP according to sk97746?
    Not a bad idea to try enabling it at least, since the Fortigate is asking for it in IKE Phase 1 packet 1. Having DPD active can help correct certain situations and this might be one of them.

    3) I am not sure what you meant to say here. I can disable replay detection on the Fortigate if this is the case...
    Yes, give that a try. Unlikely to help but needs to be ruled out.

    Also check out the ike_keep_child_sa_interop_devices variable as mentioned in sk108600, sounds a lot like your situation.
    --
    My Book "Max Power: Check Point Firewall Performance Optimization"
    Second Edition Coming Soon

  20. #20
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    642
    Rep Power
    5

    Default Re: Checkpoint to Fortigate IPSEC tunnel (SPIs being deleted)

    Today I had a 90-minute remote session with Fortinet TAC. After getting rid of Level 1, this engineer performed a full head-to-tail inspection of the scenario, just in case I missed something like interface line rate, BW overutilization, etc.

    They are to review the case and find out what's behind that SPI delete phase.
    I'll keep you posted.

    Later edit: one quick question: how can I stamp each drop message with the exact date and time?

    [Expert@MACH-001C:0]# fw ctl zdebug + drop | grep 172.17.13


    ;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 172.17.125.25:2000 -> 172.17.132.232:52008 dropped by vpn_encrypt_chain Reason: No error;
    ;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 172.17.125.25:2000 -> 172.17.132.235:49812 dropped by vpn_encrypt_chain Reason: No error;


    I'd like to have the time next to each error message. Is this possible?
    Last edited by laf_c; 2017-10-30 at 15:49.
