Occasional Contributor I
Posts: 6
Registered: ‎02-05-2016

Airwave ERM give problems with Checkpoint Firewall

Hi all,

We are installing new Checkpoint firewalls worldwide. Now we see the following logs in the Checkpoint tracker:

Check Point logging shows blocked SNMP traps:

Number:                3338438
Date:                     21Feb2017
Time:                     12:28:06
Interface:               eth3
Origin:                   <firewall>
Type:                     Log
Action:                   Drop
Service:                gsnmp-trap (162)
Source Port:          54606
Source:                 <Wireless Virtual Controller or AP>
Destination:          <Airwave server address>
Protocol:               udp
Information:          message_info: Violated unidirectional connection
Product:                Security Gateway/Management
Product Family:    Network
Policy Info:            Policy Name: Standard
                              Created at: Tue Feb 21 09:56:58 2017
                              Installed from: fw-mgmt-internal1

Checkpoint has an article about this:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31808&partition=Advanced&product=Security

But this doesn't help us.

Does someone have experience with this, or can help us?

Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Airwave ERM give problems with Checkpoint Firewall

Without knowing anything, it looks like a controller or AP is sending traps to Airwave, which is perfectly normal.  You might want to ask Checkpoint to clarify.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎02-05-2016

Re: Airwave ERM give problems with Checkpoint Firewall

Hi Colin,

Thanks for your reply. It seems the way the AP/Controller is sending the trap is not according to the official way, or is using the same source port too quickly after each other.

Comment of Checkpoint FAQ

Cause: By default, a reply to a UDP packet is not allowed.
The Security Gateway can mark a connection in the Connections Table to allow traffic to pass only in one direction (hence the term 'unidirectional').
If a UDP connection uses a bi-directional communication method, this would create a violation.

Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Airwave ERM give problems with Checkpoint Firewall

Please ask Checkpoint to explain if there is a problem with the source port.  UDP is a unidirectional protocol and an SNMP trap is, as well.  We need more technical information about why it is flagged.



Colin Joseph
Aruba Customer Engineering
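
One way to check the source-port question raised in this thread is to group the dropped traps by source, destination and source port and look at how quickly a port is reused. This is an added example, not part of the original posts and not Check Point or Aruba code. It assumes the tracker records are exported in the "Field: value" layout shown in the first post, separated by blank lines; the host names, ports, times and the 60-second window are constructed.

```python
from collections import defaultdict
from datetime import datetime

VIOLATION = "Violated unidirectional connection"
# Constructed sample in the "Field: value" layout of the log pasted in the
# thread; host names, ports and times are placeholders, not real data.
REC = ("Date: 21Feb2017\nTime: {t}\nAction: {a}\nService: snmp-trap (162)\n"
       "Source Port: {p}\nSource: {s}\nDestination: airwave.example\n"
       "Protocol: udp\nInformation: message_info: {i}\n")
SAMPLE = "\n".join([
    REC.format(t="12:28:06", a="Drop", p=54606, s="ap-1.example", i=VIOLATION),
    REC.format(t="12:28:09", a="Drop", p=54606, s="ap-1.example", i=VIOLATION),
    REC.format(t="12:31:00", a="Drop", p=54606, s="ap-1.example", i=VIOLATION),
    REC.format(t="12:28:30", a="Drop", p=40112, s="ap-2.example", i=VIOLATION),
])

def parse_records(text):
    """Split blank-line separated 'Field: value' records into dicts."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if not line.strip() or line[0].isspace():
                continue  # skip indented continuation lines (e.g. under Policy Info)
            key, _, value = line.partition(":")  # value may itself contain ':'
            rec[key.strip()] = value.strip()
        records.append(rec)
    return records

def reused_source_ports(records, window_s=60):
    """Return {(source, destination, source port): [gap in seconds, ...]} for
    violation drops that reuse one source port within window_s seconds."""
    seen = defaultdict(list)
    for r in records:
        if r.get("Action") == "Drop" and VIOLATION in r.get("Information", ""):
            ts = datetime.strptime(r["Date"] + " " + r["Time"], "%d%b%Y %H:%M:%S")
            seen[(r["Source"], r["Destination"], int(r["Source Port"]))].append(ts)
    result = {}
    for flow, stamps in seen.items():
        stamps.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        close = [g for g in gaps if g <= window_s]
        if close:
            result[flow] = close
    return result

if __name__ == "__main__":
    for flow, gaps in reused_source_ports(parse_records(SAMPLE)).items():
        print(flow, "reused after", gaps, "seconds")
```

Flows that appear in the result are the ones worth attaching to a support case, since they show the same source port hitting the gateway again within the chosen window.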
