I have a particularly weird problem:
Clients - [SNAT-CPE(111.111.220.38)] -- Internet -- [CHECKPOINT] - Webserver(111.111.217.51)
PCAP files (anonymized), captured on checkpoint external interface: https://drive.google.com/open?id=1xSif_0HrgA1kTcK8-ND-y05byMlMLAy4
- All client machines are NAT'ed to the same public IP before hitting checkpoint
- Clients try to access a webserver behind checkpoint.
- Only macOS/Linux machines can access the webserver.
- All machines can ICMP ping the webserver.
- Windows machines fail the 3-way TCP handshake.
- The TCP SYN packet is never seen on the server nor on the internal Check Point interface.
- Is the Windows TCP SYN packet silently dropped in Check Point??
- All traffic can be seen on the Check Point external interface.
- No "L7" inspection.
- Nothing in logs.
I have made a rule at the top of the Check Point firewall policy to match my client's NAT'ed address and the webserver address, just accept and log, but still nothing from the Windows client. Linux/macOS works as expected.
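The first thing to check in a capture like the external-interface PCAP above is which SYNs never got a SYN/ACK and how those SYNs differ from the ones that did: behind a single SNAT address the only thing that distinguishes the Windows and Linux clients on the wire is the TCP header itself (window, MSS, window scale, SACK and timestamp options), so comparing the option fingerprint of answered versus unanswered SYNs narrows down what the firewall could be keying on. The script below is an added example, not code from the original post: it parses a libpcap file with the standard library only, pairs each SYN with its reverse-direction SYN/ACK and prints the unanswered ones with their TCP options. The capture it runs on is constructed inline with the post's addresses and typical Linux-style and Windows-style SYN options; to analyse a real capture, pass its bytes to unanswered_syns() instead.

```python
"""Find TCP SYNs in a libpcap capture that never received a SYN/ACK and
report their TCP option fingerprint. Added example (not from the original
post); the sample capture at the bottom is constructed, not captured."""
import struct

SYN, ACK = 0x02, 0x10


def pcap_packets(data):
    """Yield raw frames from a classic libpcap file (micro- or nanosecond variant)."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    off = 24  # skip the global header
    while off + 16 <= len(data):
        _sec, _frac, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def parse_options(raw):
    """Decode the TCP options that differ between OS stacks (MSS, wscale, SACK-permitted, timestamps)."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:          # end of option list
            break
        if kind == 1:          # NOP padding
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2:
            break              # truncated or malformed option
        length = raw[i + 1]
        body = raw[i + 2:i + length]
        if kind == 2 and len(body) == 2:
            opts["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3 and len(body) == 1:
            opts["wscale"] = body[0]
        elif kind == 4:
            opts["sack_ok"] = True
        elif kind == 8:
            opts["timestamps"] = True
        i += length
    return opts


def parse_tcp(frame):
    """Return (src, sport, dst, dport, flags, options) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    tcp = frame[14 + ihl:]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    return src, sport, dst, dport, tcp[13], parse_options(tcp[20:doff])


def unanswered_syns(pcap_bytes):
    """Map (src, sport, dst, dport) -> options for every SYN with no matching SYN/ACK in the capture."""
    syns, answered = {}, set()
    for frame in pcap_packets(pcap_bytes):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, sport, dst, dport, flags, opts = parsed
        if (flags & (SYN | ACK)) == SYN:
            syns.setdefault((src, sport, dst, dport), opts)
        elif (flags & (SYN | ACK)) == (SYN | ACK):
            answered.add((dst, dport, src, sport))   # reverse tuple = the SYN it answers
    return {k: v for k, v in syns.items() if k not in answered}


# --- constructed sample capture (not a real capture) ---------------------------
def _ip(addr):
    return bytes(int(x) for x in addr.split("."))


def build_frame(src, sport, dst, dport, flags, options=b""):
    """Minimal Ethernet/IPv4/TCP frame; checksums are left zero because nothing above verifies them."""
    options += b"\x00" * ((-len(options)) % 4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, ((20 + len(options)) // 4) << 4,
                      flags, 65535, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     _ip(src), _ip(dst)) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip


def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # little-endian, DLT_EN10MB
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out


CLIENT, SERVER = "111.111.220.38", "111.111.217.51"   # SNAT address and webserver from the post
LINUX_OPTS = b"\x02\x04\x05\xb4" b"\x04\x02" b"\x08\x0a" + b"\x00" * 8 + b"\x01" b"\x03\x03\x07"
WINDOWS_OPTS = b"\x02\x04\x05\xb4" b"\x01" b"\x03\x03\x08" b"\x01\x01" b"\x04\x02"
SAMPLE_CAPTURE = build_pcap([
    build_frame(CLIENT, 40001, SERVER, 80, SYN, LINUX_OPTS),        # Linux-style SYN ...
    build_frame(SERVER, 80, CLIENT, 40001, SYN | ACK, LINUX_OPTS),  # ... answered
    build_frame(CLIENT, 50001, SERVER, 80, SYN, WINDOWS_OPTS),      # Windows-style SYN, no answer
])

if __name__ == "__main__":
    for (src, sport, dst, dport), opts in unanswered_syns(SAMPLE_CAPTURE).items():
        print(f"unanswered SYN {src}:{sport} -> {dst}:{dport} options={opts}")
```

Run it against the real external-interface capture and the internal-interface capture side by side: a SYN that is unanswered in the external file and absent from the internal one was dropped by the firewall, and the option set of exactly those SYNs (here the Windows-style SYN has no timestamp option) is what to compare with the SYNs that were forwarded.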