TCP-RST

Buka Jorbenadze
Level 1

Hello

I have a Check-Point virtual firewall in the network, connected to a router, with a 0.0.0.0 route pointing towards the router. When the Check-Point needs to update, it sends traffic through the router, which performs NAT to an external IP.

Now, the issue is as follows: I captured traffic on the router and observed returned packets with RST. The source is 1.1.11.1 and the destination IPs are shown in the screenshot. Additionally, at certain moments, updates are partially downloaded—some files are retrieved, but then the connection stops and resets.

I suspect the issue might be related to the router. This capture was taken from the router's interface.

I am also sharing the command executed from the Check Point server, which failed to complete successfully.

Thanks

10 Replies

TCP-RST can be caused by asymmetry: you point the traffic toward the router, but the return traffic still comes toward the FW.

MHM

Where would the asymmetry occur? The outgoing and incoming interfaces on the firewall are the same.

You redirect traffic to the router, am I correct?

Yes, I am sending update traffic from the Check Point, and it goes to the router; then the returned traffic enters the router and goes to the Check Point. This capture I took from the router.

Use tcp.flags.reset == 1 to filter and display only the RST packets.
Then add a new TTL column and see which TTL values appear for the filtered packets.

MHM


win=0
The client buffer is full; that is why there is no ACK and the packet needs to be retransmitted.

Check for bugs and the window scale option on both client and server.

MHM
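As an added example (not code from anyone in this thread), the two checks suggested above, filtering RST segments and reading their TTL, and spotting window=0 segments, done offline in Python over a constructed tshark-style CSV; the frames, addresses other than 1.1.11.1, and TTL values are made up for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample shaped like a tshark CSV export
# (frame, ip.src, ip.dst, tcp.srcport, tcp.dstport, tcp.flags.str, ip.ttl, tcp.window_size_value).
# Not the thread's capture: peers use documentation ranges and TTLs are invented.
SAMPLE_CSV = """\
frame,src,dst,sport,dport,flags,ttl,window
1,1.1.11.1,203.0.113.10,51000,443,S,64,29200
2,203.0.113.10,1.1.11.1,443,51000,SA,52,65535
3,1.1.11.1,203.0.113.10,51000,443,A,64,29200
4,203.0.113.10,1.1.11.1,443,51000,A,52,0
5,1.1.11.1,203.0.113.10,51000,443,R,64,0
6,1.1.11.1,198.51.100.7,51001,443,R,63,0
7,198.51.100.7,1.1.11.1,443,51002,RA,115,0
"""

def parse_packets(text):
    """Parse the CSV export into dicts; ttl and window become integers."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["ttl"] = int(row["ttl"])
        row["window"] = int(row["window"])
        rows.append(row)
    return rows

def rst_ttl_by_source(packets):
    """Same question as the filter tcp.flags.reset == 1 plus a TTL column:
    for each source that sends RSTs, which TTL values do those RSTs arrive with?
    TTL drops by one per hop, so several TTLs for one source IP mean the resets
    did not all travel the same hop count and may not all come from the device
    you expect behind that address."""
    out = defaultdict(Counter)
    for p in packets:
        if "R" in p["flags"]:
            out[p["src"]][p["ttl"]] += 1
    return {src: dict(c) for src, c in out.items()}

def zero_window_events(packets):
    """Non-RST segments advertising window 0: the receiver's buffer is full and
    the peer must stop sending until a window update arrives."""
    return [(p["frame"], p["src"], p["dst"]) for p in packets
            if p["window"] == 0 and "R" not in p["flags"]]

if __name__ == "__main__":
    pkts = parse_packets(SAMPLE_CSV)
    print("RST TTLs per source:", rst_ttl_by_source(pkts))
    print("Zero-window segments:", zero_window_events(pkts))
```

Exporting the real capture with tshark -T fields (comma separated, the columns above) gives input in the same shape.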

@Buka Jorbenadze

It does not make sense. The command you ran on CheckPoint is trying to connect on port 80. You had one successful and one failed attempt.
The log you collected from the router is HTTPS traffic, port 443. For me, it is not the same traffic.
Who has the IP address 1.1.11.1?

I think this traffic is different and not for the update server. The Check Point IP address is 1.1.11.1.

If the Check Point has the IP address 1.1.11.1, then the Check Point sent the reset when the IP address on the internet tried to communicate on port 443 with the CP.

Make sure you have rule allowing this traffic coming from the internet.
