Which of the following reasons could explain this output?

After disabling SecureXL, you ran the fw monitor command to help troubleshoot a VPN issue. In your
review, you note that you only see pre-inbound traffic (“i”) and no other traffic after this. Which of
the following reasons could explain this output?

A. Routes are set up incorrectly

B. You have overlapping encryption domains with the remote site

C. You don’t have an “encrypt” rule

D. Traffic is not destined to the correct MAC address because you failed to set up proxy ARP





Sidza

The capture point in the decode is the most important feature of fw monitor for troubleshooting purposes. VPN-1/FW-1 compares (runs it through the INSPECT engine) network traffic against its policy and state tables when the packet is received (inbound) as well as immediately before the packet is transmitted (outbound). The four primary capture points correspond to points immediately before and after the VPN-1/FW-1 inspection points. If we see that a packet was captured only prior to an inspection but not after an inspection, we can conclude that some aspect of firewall policy is the cause of our network problem.

Ex 1: If a packet only generates one line of output marked with the pre-inbound inspection ( i ) identifier, we can be confident that the VPN-1/FW-1 policy is causing the packet to be dropped. Tracker can be used to figure out which rule is causing the problem.

Ex 2: If only lines for inbound inspection ( i, I ) are shown but outbound inspection ( o, O ) lines are missing, this would indicate that the packet is either terminating at the firewall itself or that routing has been misconfigured and the routing engine of the firewall is blackholing the packet.

Ex 3: If the expected packet doesn’t even produce any inbound inspection decode lines, this means either that the filter expression is incorrect or that the packet is never making it to the Enforcement Module for inspection. Other tools would then be needed to see what is going on outside the firewall.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30583
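
The three cases in the comment above can be applied mechanically to a saved fw monitor text capture. The following is an added example, not part of the original page or of any Check Point tooling: the sample lines are constructed, and grouping packets by IP id is an assumption made for illustration.

```python
import re
from collections import defaultdict

# Header line fw monitor prints at each capture point, e.g.
#   eth1:i[60]: 10.1.1.10 -> 192.168.5.20 (TCP) len=60 id=4711
HEADER = re.compile(r"[\w.\-]+:([iIoO])\[\d+\]: \S+ -> \S+ \(\w+\) len=\d+ id=(\d+)")

# Constructed sample capture (not real traffic): three packets.
SAMPLE = """\
eth1:i[60]: 10.1.1.10 -> 192.168.5.20 (TCP) len=60 id=4711
eth1:i[84]: 10.1.1.11 -> 192.168.5.21 (ICMP) len=84 id=4712
eth1:I[84]: 10.1.1.11 -> 192.168.5.21 (ICMP) len=84 id=4712
eth1:i[60]: 10.1.1.12 -> 192.168.5.22 (TCP) len=60 id=4713
eth1:I[60]: 10.1.1.12 -> 192.168.5.22 (TCP) len=60 id=4713
eth2:o[60]: 10.1.1.12 -> 192.168.5.22 (TCP) len=60 id=4713
eth2:O[60]: 10.1.1.12 -> 192.168.5.22 (TCP) len=60 id=4713
"""

def capture_points(text):
    """Map IP id -> set of capture points (i, I, o, O) seen for that packet.

    Assumption: the IP id is unique within the capture. It is used as the key
    because NAT can change the addresses between capture points.
    """
    seen = defaultdict(set)
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            seen[m.group(2)].add(m.group(1))
    return dict(seen)

def diagnose(points):
    """Apply the reasoning from the comment to one packet's capture points."""
    if not points:   # Ex 3: no decode lines at all
        return "not seen: check the filter expression or whether the packet reaches the gateway"
    if points == {"i"}:   # Ex 1: pre-inbound only
        return "policy drop: seen before inbound inspection only, check the logs for the rule"
    if not points & {"o", "O"}:   # Ex 2: inbound lines, no outbound lines
        return "local or routing: packet terminates at the firewall or routing is wrong"
    if "O" not in points:   # captured before outbound inspection but not after
        return "policy drop: seen before outbound inspection but not after"
    return "traversed: seen at all outbound capture points"

if __name__ == "__main__":
    for ip_id, pts in sorted(capture_points(SAMPLE).items()):
        print(ip_id, "".join(sorted(pts)), "->", diagnose(pts))
```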