We are having problems with some VPN tunnels since we upgraded our firewall gateway to R80.10 (previously R77.30). More specifically, between our Check Point R80.10 gateway and FortiGate gateways that are behind a NAT router.

On both firewalls tunnel status is shown as up.

When sending traffic from LAN behind Check Point to LAN behind FortiGate, the traffic arrives at the host behind the FortiGate. The answer is sent and can be seen on the FortiGate, but doesn't arrive at the original sending host.

With tcpdump on Check Point we only see SYN from src to dst, no ACK from dst to src.

No drops between src and dst with fw ctl zdebug + drop.

We do see drops with fw ctl zdebug + drop for communication between the 2 WAN IP addresses:

fw_log_drop_ex: Packet proto=17 (public ip on NAT router):4500 -> (public ip on Check Point):0 dropped by asm_stateless_verifier Reason: UDP src/dst port 0

fw_log_drop_conn: Packet (public ip on Check Point):4500 IPP 17>, dropped by do_inbound, Reason: decryption failed