Home > Community > Technology > Network Management > Airwave ERM give problems with Checkpoint Firewall

Network Management

Reply
Topic Options
dannyvanderaa
Occasional Contributor I
dannyvanderaa
Posts: 6
Registered: ‎02-05-2016

Airwave ERM give problems with Checkpoint Firewall

Options

‎03-08-2017 11:39 PM

Hi all,

 

We are installing worldwide new Checkpoint firewalls. Now we see in the tracker of Checkpoint the following logs

 

Check Point logging laat geblokte snmp-traps zien:

Number:                3338438
Date:                     21Feb2017
Time:                     12:28:06
Interface:               eth3
Origin:                   <firewall>
Type:                     Log
Action:                   Drop
Service:                gsnmp-trap (162)
Source Port:          54606
Source:                 <Wireless Virtual Controller or AP>
Destination:          <Airwave server address>
Protocol:               udp
Information:          message_info: Violated unidirectional connection
Product:                Security Gateway/Management
Product Family:    Network
Policy Info:            Policy Name: Standard
                              Created at: Tue Feb 21 09:56:58 2017
                              Installed from: fw-mgmt-internal1

Checkpoint has an article about this:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31808&partition=Advanced&product=Security

But this doesn't help us.

Does someone has experience with this, or can help us.

 

 

Alert a Moderator
Message 1 of 4 (287 Views)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph
Posts: 21,269
Registered: ‎03-29-2007

Re: Airwave ERM give problems with Checkpoint Firewall

Options

‎03-09-2017 12:16 AM

Without knowing anything, it looks like a controller or AP is sending traps to Airwave, which is perfectly normal.  You might want to ask Checkpoint to clarify.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Alert a Moderator
Message 2 of 4 (283 Views)
Reply
0 Kudos
dannyvanderaa
Occasional Contributor I
dannyvanderaa
Posts: 6
Registered: ‎02-05-2016

Re: Airwave ERM give problems with Checkpoint Firewall

Options

‎03-09-2017 01:05 AM

Hi Colin,

 

Thanks for your reply. It seems the way the AP/Controller is sending the trap is not according the official way or is using the same source port to quick after each other.

Comment of Checkpoint FAQ

CauseBy default, a reply to a UDP packet is not allowed.
The Security Gateway can mark a connection in the Connections Table to allow traffic to pass only in one direction (hence the term 'unidirectional').
If a UDP connection uses a bi-directional communication method, this would create a violation.

 

Alert a Moderator
Message 3 of 4 (272 Views)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph
Posts: 21,269
Registered: ‎03-29-2007

Re: Airwave ERM give problems with Checkpoint Firewall

Options

‎03-09-2017 01:18 AM

Please ask checkpoint to explain if there is a problem with the source port.  UDP is a unidirectional protocol and an SNMP trap is, as well.  We need more technical information about why it is flagged.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Alert a Moderator
Message 4 of 4 (269 Views)
Reply
0 Kudos
Search Airheads
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

© Copyright 2017 Hewlett Packard Enterprise Development LP
Powered by Lithium