Duplicated traffic
16 years 4 days ago #28230
by Chojin
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
Duplicated traffic was created by Chojin
Hey guys (and girls, of course).
I'm a bit confused... seems my Cisco knowledge isn't as good as I hoped.
Currently I'm facing a problem where our firewall receives traffic on 2 interfaces... seriously... no SPAN ports configured or port-channels, just 2 interfaces on the switch connected to 2 interfaces of the firewall, and it seems both ports are used, but the strange part... it is only used for a couple of computers.
So, to make a little drawing:
[Server (Vlan1) ] --> [Core Switch] --> [DMZ Switch] --> [Firewall]
[Server (Vlan2) ] --> [Core Switch] --> [DMZ Switch] --> [Firewall]
The server on VLAN 1 reaches the firewall on interface 1 and 2
The server on VLAN 2 reaches the firewall on interface 1 only.
On the DMZ switch we make use of a private VLAN configuration.
Anyone have an idea how this could be possible?!
Thanks
16 years 4 days ago #28234
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: Duplicated traffic
What type/model of firewall is this, Chojin? Is it an ASA, PIX, or a Linux or Windows box?
16 years 4 days ago #28237
by Chojin
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
Replied by Chojin on topic Re: Duplicated traffic
Good question.
This is a Checkpoint R61 baby... I am kinda thinking about routing loops, but it still makes no sense at this time.
I'm going to the server room in a while to take some tcpdumps to see what's going on, also on L2; hope to find more info on that.
16 years 4 days ago #28239
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: Duplicated traffic
Hmm, not sure about Checkpoint, but since the server (on VLAN2) is able to reach interface 1, that confirms that back-and-forth traffic is finding the right routes. So the first thing I could think of is the policy in the firewall.
For example, in ASAs and PIXes, by default traffic is allowed to flow from a higher-security-level interface to a lower-security-level interface, but not vice versa. You'd need an ACL (and in some cases a static map) to allow the reverse traffic. The Checkpoint could have similar rules.
I assume here that interface 1 is on VLAN1 and interface 2 is on VLAN2, that the gateways on the servers are configured properly, and that both switches are working at layer 2 (at least for this case). It's a bit odd that the server on VLAN2 can reach the interface on VLAN1 but not the interface on its own VLAN2!!
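To make the security-level point above concrete, here is an added Python model of the ASA/PIX default behaviour S0lo describes. It is an illustration written for this page, not Cisco code and not anything posted in the thread; the interface names, security levels and addresses are assumed, and the NAT requirement of older PIX/ASA code (the "static map" he mentions) is deliberately left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Ace:
    """One access-list entry: permit/deny a source network to a destination network."""
    action: str  # "permit" or "deny"
    src: str     # CIDR
    dst: str     # CIDR


@dataclass
class Interface:
    name: str
    security_level: int                    # 0..100, as on an ASA/PIX
    network: str                           # directly connected subnet (assumed addressing)
    access_in: Optional[List[Ace]] = None  # inbound ACL; None = no access-group applied


class AsaPolicyModel:
    """Minimal model of ASA/PIX interface security levels (an assumption of this
    example, not vendor code). Rules modelled:
      * if an inbound ACL is applied on the ingress interface it decides, with the
        implicit deny at the end, regardless of security levels;
      * otherwise higher -> lower security level is allowed, lower -> higher is
        denied, and equal levels are denied unless same-security-traffic
        permit inter-interface is configured.
    """

    def __init__(self, interfaces: List[Interface], same_security_inter: bool = False):
        self.interfaces = list(interfaces)
        self.same_security_inter = same_security_inter

    def interface_for(self, ip: str) -> Interface:
        """Return the interface whose connected subnet contains ip."""
        addr = ip_address(ip)
        for iface in self.interfaces:
            if addr in ip_network(iface.network):
                return iface
        raise ValueError(f"no interface is connected to {ip}")

    @staticmethod
    def acl_verdict(acl: List[Ace], src: str, dst: str) -> str:
        """First matching ACE wins; no match means the implicit deny."""
        s, d = ip_address(src), ip_address(dst)
        for ace in acl:
            if s in ip_network(ace.src) and d in ip_network(ace.dst):
                return ace.action
        return "deny"

    def permits(self, src: str, dst: str) -> Tuple[bool, str]:
        """Return (allowed, reason) for a new connection from src to dst."""
        ingress = self.interface_for(src)
        egress = self.interface_for(dst)
        lvl = f"{ingress.name}({ingress.security_level}) -> {egress.name}({egress.security_level})"
        if ingress.access_in is not None:
            verdict = self.acl_verdict(ingress.access_in, src, dst)
            return verdict == "permit", f"{lvl}: ACL on {ingress.name} says {verdict}"
        if ingress.security_level > egress.security_level:
            return True, f"{lvl}: higher to lower, allowed by default"
        if ingress.security_level == egress.security_level:
            ok = self.same_security_inter
            return ok, f"{lvl}: same level, " + ("inter-interface permitted" if ok else "denied by default")
        return False, f"{lvl}: lower to higher, denied without an ACL"


def demo() -> Tuple[bool, bool, bool]:
    """Two servers on two VLANs behind one firewall, as in the thread (addresses assumed)."""
    inside = Interface("inside", 100, "10.1.1.0/24")
    dmz = Interface("dmz", 50, "10.2.2.0/24")
    fw = AsaPolicyModel([inside, dmz])
    a_to_b = fw.permits("10.1.1.10", "10.2.2.20")[0]   # higher -> lower
    b_to_a = fw.permits("10.2.2.20", "10.1.1.10")[0]   # lower -> higher, no ACL yet
    # An inbound ACL on the dmz interface is what opens the reverse direction.
    dmz.access_in = [Ace("permit", "10.2.2.20/32", "10.1.1.0/24")]
    b_to_a_with_acl = fw.permits("10.2.2.20", "10.1.1.10")[0]
    return a_to_b, b_to_a, b_to_a_with_acl


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

Note the ACL branch comes first: once an access-group is applied to an interface, the security-level default no longer applies to that interface, and anything the ACL does not permit, including higher-to-lower traffic, hits the implicit deny.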
16 years 2 days ago #28247
by Chojin
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
Replied by Chojin on topic Re: Duplicated traffic
Today, after a long day of work, we figured it out.
Seems the Checkpoint firewall has some kind of bug and switched around the source/destination... so, in fact, source was destination and destination was source.
In our log there was:
Server A > Server B [OK]
Server A > Server B [Drop]
While this was in fact:
Server A > Server B [OK]
Server B > Server A [Drop]
Seems server B had a wrong route for a subnet, sending it towards the wrong interface on the firewall... still don't get why the Checkpoint switched the source/destination. When I know, I'll let ya know.
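An added check for the situation the thread ends on, written for this page and not part of any post above. Given firewall log records (the key=value sample below is constructed for the example and is not the real Check Point log layout) and the subnet expected behind each firewall interface (assumed addressing: VLAN1 = 10.1.1.0/24 behind eth1, VLAN2 = 10.2.2.0/24 behind eth2), it flags three things: packets that arrive on an interface their source address does not belong to (server B's wrongly routed reply), flows seen on more than one interface (the "duplicated traffic" of the title), and flows accepted in one direction and dropped in the other. The direction-independent flow key is what lets you pair the two log lines whatever order a log viewer shows source and destination in; the record carrying the service port in `sport` is the reply.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Constructed sample log, one key=value record per line (simplified layout,
# not the real Check Point log format). Addressing is assumed, see lead-in.
SAMPLE_LOG = """\
iface=eth1 action=accept src=10.1.1.10 dst=10.2.2.20 proto=tcp sport=51234 dport=445
iface=eth1 action=drop   src=10.2.2.20 dst=10.1.1.10 proto=tcp sport=445 dport=51234
iface=eth2 action=accept src=10.1.1.10 dst=10.2.2.20 proto=tcp sport=51234 dport=445
iface=eth2 action=accept src=10.2.2.21 dst=10.1.1.10 proto=tcp sport=50000 dport=22
"""

# Subnet each firewall interface is expected to see as *source* (assumed).
EXPECTED_SRC = {
    "eth1": ip_network("10.1.1.0/24"),
    "eth2": ip_network("10.2.2.0/24"),
}

Record = Dict[str, str]
FlowKey = Tuple[str, Tuple[str, int], Tuple[str, int]]


def parse_log(text: str) -> List[Record]:
    """Parse key=value records; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        records.append(dict(kv.split("=", 1) for kv in line.split()))
    return records


def flow_key(rec: Record) -> FlowKey:
    """Direction-independent key: (proto, lower endpoint, higher endpoint)."""
    a = (rec["src"], int(rec["sport"]))
    b = (rec["dst"], int(rec["dport"]))
    lo, hi = sorted([a, b])
    return rec["proto"], lo, hi


def source_interface_mismatches(records: List[Record], expected=EXPECTED_SRC) -> List[Record]:
    """Packets whose source address does not belong behind the interface they
    arrived on: a mis-routed host (as in the thread) or a spoofed source.
    This is the same test a firewall's anti-spoofing/topology check applies."""
    bad = []
    for rec in records:
        net = expected.get(rec["iface"])
        if net is None or ip_address(rec["src"]) not in net:
            bad.append(rec)
    return bad


def flows_on_multiple_interfaces(records: List[Record]) -> Dict[FlowKey, List[str]]:
    """Flows whose packets entered the firewall on more than one interface."""
    seen = defaultdict(set)
    for rec in records:
        seen[flow_key(rec)].add(rec["iface"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def flows_with_mixed_verdicts(records: List[Record]) -> List[FlowKey]:
    """Flows accepted in one direction and dropped in the other."""
    verdicts = defaultdict(set)
    for rec in records:
        verdicts[flow_key(rec)].add(rec["action"])
    return [k for k, v in verdicts.items() if {"accept", "drop"} <= v]


def analyse(text: str = SAMPLE_LOG) -> Dict[str, int]:
    """Summary counts for a log text; the sample yields 4/2/1/1."""
    recs = parse_log(text)
    return {
        "records": len(recs),
        "source_mismatches": len(source_interface_mismatches(recs)),
        "multi_interface_flows": len(flows_on_multiple_interfaces(recs)),
        "mixed_verdict_flows": len(flows_with_mixed_verdicts(recs)),
    }


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for rec in source_interface_mismatches(recs):
        print("wrong ingress:", rec["src"], "arrived on", rec["iface"], "->", rec["action"])
    for key, ifaces in flows_on_multiple_interfaces(recs).items():
        print("flow seen on", ifaces, ":", key)
    print(analyse())
```

On a real export, replace `SAMPLE_LOG` with the file contents and `EXPECTED_SRC` with the interface topology; a mismatch list that is non-empty points at the host (or route) to fix, while a multi-interface flow with no mismatches points at the switch side (SPAN, port-channel or private-VLAN promiscuous port behaviour) rather than at routing.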