Checkpoint   Checkpoint – dropped Reason: UDP packet that belongs to an old session



Problem

Last week I came across a DHCP problem. Devices from a certain VLAN were not getting a DHCP-assigned IP.

Even though the firewall policy should have accepted those packets, tcpdump showed that the Checkpoint gateway was not forwarding them to the destination.

To capture DHCP traffic:

# tcpdump -n -i <interface> port 67 or port 68 -e

Incoming interface DHCP tcpdump:

# tcpdump 

Windows   Windows – Add secondary IP addresses to interface



Sometimes it is necessary to configure a network interface to listen on more than one IP (for example, web servers containing multiple SSL certificates…).
Add secondary IP addresses to interface

After adding the new secondary IPs, if not explicitly avoided, outgoing traffic can also be generated by these instead of only by the primary. This can lead to connection errors (for example, a firewall receiving unexpected

Checkpoint   Checkpoint – Hide NAT vs Static NAT



This post tries to be a simple explanation of the Hide NAT and Static NAT concepts.
Given the following simple company network, let's see how these NAT types could fit in this scenario:

Hide Static NAT example scenario

  • We need the web server to be published, so it needs to be accessible from the Internet
  • We need all the workstations to be able to browse