Thanks for answering. SV Tracker shows firewall internal IP as the source, "xlate src" shows blank, as well as "nat rule".
I haven't been able to gather fw monitor captures of this traffic, but at least from the logs perspective, no nat seems involved. Regards El miércoles, 18 de septiembre de 2013, David DeSimone escribió: > Are you certain that this isn't traffic which is simply NAT'd behind the > firewall's IP? > > > Sergio Alvarez <seral...@gmail.com <javascript:;>> wrote: > > > > Thanks for answering. > > > > Everything (Management and two-gateway cluster) runs on CheckPoint > > appliances (Gaia), R76. > > > > Regards > > > > El miércoles, 18 de septiembre de 2013, Diotte, Shannon S escribió: > > > > > Is this an HP platform? > > > > > > ________________________________________ > > > From: Mailing list for discussion of Firewall-1 [ > > > FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM <javascript:;><javascript:;>] > > > on behalf of > > > Sergio Alvarez [seral...@gmail.com <javascript:;> <javascript:;>] > > > Sent: Wednesday, September 18, 2013 7:28 PM > > > To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM > > > <javascript:;><javascript:;> > > > Subject: [FW-1] Logs show traffic on TCP/1124 sourced from the > firewall to > > > internal servers > > > > > > Hello. > > > > > > A customer is concerned with the fact logs are showing allowed TCP/1124 > > > traffic originated from the firewall gateway's internal interface and > > > destined to various internal servers. > > > The service is named "hpvmmcontrol" and apparently there are multiple > > > vulnerabilities associated with it. > > > The firewall is not working as proxy, Mobile Access is not in use and I > > > could not come up with any further ideas on why would this particular > > > traffic would be originated from the firewall itself. > > > TCP/1124 is not something regularly used by CheckPoint and searches on > the > > > KB won't come back with anything. > > > > > > Does anybody know what could this traffic be related? > > -- > David DeSimone == Network Admin == f...@verio.net <javascript:;> > "I don't like spinach, and I'm glad I don't, because if I > liked it I'd eat it, and I just hate it." -- Clarence Darrow > > > This email message is intended for the use of the person to whom it has > been sent, and may contain information that is confidential or legally > protected. If you are not the intended recipient or have received this > message in error, you are not authorized to copy, distribute, or otherwise > use this message or its attachments. Please notify the sender immediately > by return e-mail and permanently delete this message and any attachments. > Verio Inc. makes no warranty that this email is error or virus free. Thank > you. > > Email secured by Check Point > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to lists...@amadeus.us.checkpoint.com <javascript:;> > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > fw-1-ow...@ts.checkpoint.com <javascript:;> > ================================================= > -- Sergio Alvarez CISSP | CCSE+ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com =================================================
