https://community.cisco.com/t5/wireless/checkpoint-blocks-mobility-control-path-old-udp-session/m-p/2139056#M36465 <HTML><HEAD></HEAD><BODY><P>its not WLC issue, open case with checkpoint.</P></BODY></HTML> Sun, 31 Mar 2013 09:35:24 GMT Saravanan Lakshmanan 2013-03-31T09:35:24Z https://community.cisco.com/t5/wireless/checkpoint-blocks-mobility-control-path-old-udp-session/m-p/2139055#M36464 <P style="margin: 0cm; margin-bottom: .0001pt;">It happens on a regular basis, that our checkpoint firewall blocks control path traffic (UDP 16666) with the reason 'old UDP session'. When this happens our guest clients lose internet access. The connection restores only after I manually send a series of mping from foreign to anchor WLC.</P><P style="margin: 0cm; margin-bottom: .0001pt;"><SPAN style="font-size: 10pt;"> </SPAN></P><P style="margin: 0cm 0cm 0.0001pt;">Setup: Several 2404 and 5508 foreign WLC with 7.0.235.3 and 7.2.111.3 on the inside corporate network are anchoring to a 5508 with 7.2.111.3 in the DMZ. These connections are used for Guest Internet Access.</P><P></P><P style="margin: 0cm 0cm 0.0001pt;"><SPAN style="font-size: 10pt;">FW Details: Checkpoint: R75.46 - Build 102 / Ipso (os): 6.2-GA055b06 clish 2.1 / HW:&nbsp; IP1285</SPAN></P><P></P><P style="margin: 0cm 0cm 0.0001pt;"><SPAN style="font-size: 10pt;">This situation is becoming really annoying especially as our WLAN infrastructure is growing fast. I would be much obliged for any help with this.</SPAN></P> Sun, 04 Jul 2021 06:48:19 GMT https://community.cisco.com/t5/wireless/checkpoint-blocks-mobility-control-path-old-udp-session/m-p/2139055#M36464 Christian Faessler 2021-07-04T06:48:19Z https://community.cisco.com/t5/wireless/checkpoint-blocks-mobility-control-path-old-udp-session/m-p/2139056#M36465 <HTML><HEAD></HEAD><BODY><P>its not WLC issue, open case with checkpoint.</P></BODY></HTML> Sun, 31 Mar 2013 09:35:24 GMT https://community.cisco.com/t5/wireless/checkpoint-blocks-mobility-control-path-old-udp-session/m-p/2139056#M36465 Saravanan Lakshmanan 2013-03-31T09:35:24Z https://community.cisco.com/t5/wireless/checkpoint-blocks-mobility-control-path-old-udp-session/m-p/2139057#M36466 <HTML><HEAD></HEAD><BODY><P>Yes, it seems to be a checkpoint issue but I was hoping to find someone here who has the same problem and could help me with this.</P></BODY></HTML> Tue, 02 Apr 2013 07:00:38 GMT https://community.cisco.com/t5/wireless/checkpoint-blocks-mobility-control-path-old-udp-session/m-p/2139057#M36466 Christian Faessler 2013-04-02T07:00:38Z https://community.cisco.com/t5/wireless/checkpoint-blocks-mobility-control-path-old-udp-session/m-p/2139058#M36467 <HTML><HEAD></HEAD><BODY><P>Is the problem occuring with every internal WLC or only a select few?</P><P></P><P>Mobility keepalives originate from the controller with the lowest mac address. </P><P>If your problem is only occuring with a select few controllers. perhaps it is only the controllers that your Anchor WLC has the lower mac address of the pair.&nbsp; (implying your Check Point is timing out when packets are sourced from DMZ to Internal but not the other way....)</P><P></P><P>If its not a directional issue, then perhaps you could decrease the mobility keepalive interval. I believe control packets (16666) are sent at 3x the data packets.&nbsp; (so 30s for control and 10s for data)</P><P></P><P>config mobility group keepalive interval&nbsp; ?</P><P></P><P></P><P>Other than that, perhaps someone knows a checkpoint setting at fault....&nbsp; but to Van's point, Checkpoint should be able to provide assistance </P></BODY></HTML> Wed, 03 Apr 2013 02:35:02 GMT https://community.cisco.com/t5/wireless/checkpoint-blocks-mobility-control-path-old-udp-session/m-p/2139058#M36467 wesleyterry 2013-04-03T02:35:02Z https://community.cisco.com/t5/wireless/checkpoint-blocks-mobility-control-path-old-udp-session/m-p/2139059#M36468 <HTML><HEAD></HEAD><BODY><P> It seems that it was definetly a issue with the checkpoint.</P><P></P><P>After some adjustments by our FW team, the situation became a lot better lattely.</P></BODY></HTML> Fri, 09 Aug 2013 13:22:22 GMT https://community.cisco.com/t5/wireless/checkpoint-blocks-mobility-control-path-old-udp-session/m-p/2139059#M36468 Christian Faessler 2013-08-09T13:22:22Z