CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 13 of 13

Thread: PPPoE problem

  1. #1
    Join Date
    2017-07-07
    Posts
    21
    Rep Power
    0

    Default PPPoE problem

    Hello,
    Ping over PPPOE is ok but problem with web. Changed mto to 1400, no result(by the way, mtu changes when IP is written only, so I wrote IP -> changed mtu-> delete IP on interface where PPPoE works). Any idea where is a problem?
    Check Point CCSA/CCSE/CCSE+
    Cisco CCNP/CCSP

  2. #2
    Join Date
    2017-07-07
    Posts
    21
    Rep Power
    0

    Default Re: PPPoE problem

    From there https://sc1.checkpoint.com/documents...ide/104587.htm

    fw ctl set int fw_clamp_tcp_mss 1
    fw ctl set int fw_tcp_mss_value 1400
    fw: Set operation failed: failed to get parameter
    fw: set: Operation failed: Unknown error 4294967295
    Check Point CCSA/CCSE/CCSE+
    Cisco CCNP/CCSP

  3. #3
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,139
    Rep Power
    12

    Default Re: PPPoE problem

    Which hardware platform and what OS version?
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.

  4. #4
    Join Date
    2017-07-07
    Posts
    21
    Rep Power
    0

    Default Re: PPPoE problem

    Quote Originally Posted by msjouw View Post
    Which hardware platform and what OS version?
    4200 R77.30
    Check Point CCSA/CCSE/CCSE+
    Cisco CCNP/CCSP

  5. #5
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,139
    Rep Power
    12

    Default Re: PPPoE problem

    have a look at this article https://supportcenter.checkpoint.com...&product=IPSec
    Keep in mind that the PPPoE header is only 8 bytes, so the MTU goes back to 1492 and the MSS to 1452.
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.

  6. #6
    Join Date
    2012-01-04
    Posts
    1
    Rep Power
    0

    Default Re: PPPoE problem

    Hi

    Does the CP the PPPoe-dialin itself? If yes, you have to disable SecureXL.

    see sk79880

  7. #7
    Join Date
    2017-07-07
    Posts
    21
    Rep Power
    0

    Default Re: PPPoE problem

    This is surprise for me
    fw ctl set int fw_clamp_tcp_mss 1
    fw: Warning: Can't find ::CPSB-CTNT in cp.macro. License version might be not compatible
    Check Point CCSA/CCSE/CCSE+
    Cisco CCNP/CCSP

  8. #8
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,139
    Rep Power
    12

    Default Re: PPPoE problem

    Quote Originally Posted by Serge17 View Post
    fw: Warning: Can't find ::CPSB-CTNT in cp.macro. License version might be not compatible
    These messages are about Content scanning, which you can safely ignore.

    Did you get any further with this?
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.

  9. #9
    Join Date
    2017-07-07
    Posts
    21
    Rep Power
    0

    Default Re: PPPoE problem

    Now its okay for me. Thank you all
    Check Point CCSA/CCSE/CCSE+
    Cisco CCNP/CCSP

  10. #10
    Join Date
    2017-07-07
    Posts
    21
    Rep Power
    0

    Default Re: PPPoE problem

    After every policy install I need to enter this command again:
    fw ctl set int fw_clamp_tcp_mss 1
    How to resolve this issue?
    Check Point CCSA/CCSE/CCSE+
    Cisco CCNP/CCSP

  11. #11
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,623
    Rep Power
    9

    Default Re: PPPoE problem

    Quote Originally Posted by Serge17 View Post
    After every policy install I need to enter this command again:
    fw ctl set int fw_clamp_tcp_mss 1
    How to resolve this issue?
    is it setting back to 0 after a policy push? BTW i'm guessing you did but did you also set that in the fwkern.conf?

  12. #12
    Join Date
    2017-07-07
    Posts
    21
    Rep Power
    0

    Default Re: PPPoE problem

    Quote Originally Posted by jflemingeds View Post
    is it setting back to 0 after a policy push? BTW i'm guessing you did but did you also set that in the fwkern.conf?
    Hello, yes. I set it in fwkern.conf, maybe something wrong:
    [Expert@msk-hq-fw-b-01:0]# more $FWDIR/boot/modules/fwkern.conf
    fw_clamp_tcp_mss 1
    [Expert@msk-hq-fw-b-01:0]#
    Check Point CCSA/CCSE/CCSE+
    Cisco CCNP/CCSP

  13. #13
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,623
    Rep Power
    9

    Default Re: PPPoE problem

    Quote Originally Posted by Serge17 View Post
    Hello, yes. I set it in fwkern.conf, maybe something wrong:
    [Expert@msk-hq-fw-b-01:0]# more $FWDIR/boot/modules/fwkern.conf
    fw_clamp_tcp_mss 1
    [Expert@msk-hq-fw-b-01:0]#
    should be like this.
    fw_clamp_tcp_mss=1

    But that file is only read on boot up. Did you possibly reboot after policy install?

    Need to understand if its going back to zero after policy install also. If it is you should contact checkpoint support.

Similar Threads

  1. pppoe with dhcp
    By Gates in forum Miscellaneous
    Replies: 0
    Last Post: 2011-12-19, 12:01
  2. PPPoE
    By wolfmeiister in forum Miscellaneous
    Replies: 0
    Last Post: 2010-08-19, 09:54
  3. DHCP through PPPoE - VPN problem
    By solarix777 in forum Check Point UTM-1 Edge Appliances
    Replies: 3
    Last Post: 2006-12-19, 16:07
  4. Problem with pppoe and nat
    By maikolkein in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 1
    Last Post: 2006-12-05, 04:09
  5. pppoe SPLAT
    By james in forum Topology Issues
    Replies: 4
    Last Post: 2006-06-10, 07:46

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •