I'm a bit confused... seems my Cisco knowledge isn't as good as I hoped.
Currently I'm facing a problem where our firewall receives traffic on 2 interfaces... seriously... no SPAN ports configured or port-channels, just 2 interfaces on the switch connected to 2 interfaces of the firewall... and it seems both ports are used, but the strange part... it is only used for a couple of computers.
Hmm, not sure about Checkpoint, but since the Server (on VLAN2) is able to reach interface 1, that confirms that back-and-forth traffic is finding the right routes. So the first thing I could think of is the policy in the firewall.
For example, in ASAs and PIXes, by default traffic is allowed to flow from a higher security level interface to a lower security level interface, but not vice versa. You'd need an ACL (and in some cases a static map) to allow the reverse traffic. The Checkpoint could have similar rules.
I assume here that interface 1 is on VLAN1 and interface 2 is on VLAN2, that gateways on the servers are configured properly, and that both switches are working at layer 2 (at least for this case). It's a bit odd that the Server on VLAN2 can reach the interface on VLAN1 but not the interface on its own VLAN2!! :?
Re: Duplicated traffic
9 years 8 months ago #28247
Seems the Checkpoint firewall has some kind of bug and switched around the source/destination... so, in fact, source was destination and destination was source.
In our log there was:
Server A > Server B [OK]
Server A > Server B [Drop]
While this was in fact:
Server A > Server B [Ok]
Server B > Server A [Drop]
Seems server B had a wrong route for a subnet and sent it towards the wrong interface on the firewall... still don't get why the Checkpoint switched the source/destination... when I know, I'll let ya know.
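As an added example (not code from anyone in this thread), here is a small Python check that implements the idea in the last post: the same host pair logged as Accept on one firewall interface and Drop on a different one is the signature of a reply taking another path through the firewall, whatever direction the firewall happens to label it. The log format, interface names and addresses are constructed for the demo.

```python
"""Spot asymmetric-routing symptoms (Accept on one interface, Drop on
another for the same host pair) in simplified firewall log lines."""
from collections import defaultdict

# Constructed sample log (not from the thread). Fields: interface action src dst.
# The second line mirrors the thread's case: the reply for the same pair
# shows up on a different interface and is dropped.
SAMPLE_LOG = """\
eth1 Accept 10.1.1.10 10.2.2.20
eth2 Drop 10.1.1.10 10.2.2.20
eth1 Accept 10.1.1.11 10.2.2.21
eth1 Accept 10.1.1.12 10.2.2.22
eth1 Accept 10.1.1.10 10.2.2.20
"""


def parse(log_text):
    """Turn whitespace-separated log lines into dicts; blank lines are skipped."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        iface, action, src, dst = line.split()
        records.append({"iface": iface, "action": action, "src": src, "dst": dst})
    return records


def find_asymmetric(records):
    """Return host pairs Accepted on one interface but Dropped on another.

    The pair is keyed without direction (frozenset), so it does not matter
    whether the firewall logged the drop as A>B or B>A. A drop on the same
    interface as the accept is a plain policy drop and is not reported."""
    seen = defaultdict(lambda: defaultdict(set))
    for r in records:
        seen[frozenset((r["src"], r["dst"]))][r["action"]].add(r["iface"])
    findings = []
    for pair, by_action in seen.items():
        stray = by_action["Drop"] - by_action["Accept"]
        if by_action["Accept"] and stray:
            findings.append({"hosts": tuple(sorted(pair)),
                             "accept_ifaces": sorted(by_action["Accept"]),
                             "drop_ifaces": sorted(stray)})
    return findings


if __name__ == "__main__":
    for f in find_asymmetric(parse(SAMPLE_LOG)):
        print(f"{f['hosts']}: accepted on {f['accept_ifaces']}, dropped on {f['drop_ifaces']}")
```

Run against a real export you would key on the full 5-tuple rather than just the two addresses, but the interface mismatch is the part that points at a wrong route rather than a wrong rule.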