Recent Posts

1
Forum Lobby / Re: Current frustration...
« Last post by ristau5741 on Today at 07:21:58 AM »
Client sends keepalives. Firewall responds to clients' keepalives but somehow forgets to forward them to the remote VCS gateway and that one closes the session after one hour.

Worst thing is that all these silly Check Point bugs always require some sort of update or hotfix, which is not a simple task in 24/7 datacenters.

Had something like that at the airline where I worked, set up a VOIP environment, and every morning during the morning meeting between the two sites, the concall would drop, call lasted an hour, and after some variable time the call would drop after 30 minutes, never before, but not always.

After much troubleshooting we determined that the remote site put the call on mute and if no one from the remote office spoke, the VOIP system would think the line was dead after 30 minutes and the system would close the connection. The variability came into play where if someone spoke after 10 minutes, then put the phone back on mute, 30 minutes after that the call would drop, and if they spoke a few times, without a 30 minute lapse being on mute, that call would not drop. <insert head scratch emoticon here>

2
Forum Lobby / Re: Current frustration...
« Last post by SimonV on Today at 01:30:01 AM »
Client sends keepalives. Firewall responds to clients' keepalives but somehow forgets to forward them to the remote VCS gateway and that one closes the session after one hour.

Worst thing is that all these silly Check Point bugs always require some sort of update or hotfix, which is not a simple task in 24/7 datacenters.

3
Forum Lobby / Re: Current frustration...
« Last post by deanwebb on Yesterday at 08:01:27 PM »
So... the security gateway is making the remote host seem like it's still up?

Smoooooooooooooooooooooooooooooth.

:yeahright:
4
Forum Lobby / Re: Current frustration...
« Last post by SimonV on Yesterday at 09:56:58 AM »
Quote
H.323 Keep Alive packets sent (sent every two minutes) from the localhost to the remote host are being intercepted by the Security Gateway and are not being forwarded to the remote host.

Instead of forwarding these H.323 Keep Alive packets, the Security Gateway is incorrectly responding to the local host, as if it were the remote host

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk113749

On the flip side, I did learn a lot about our nGenious One, neat product!
5
After wrestling with YDK (YANG development kit) installation for more time than I'd like to admit, I automated the thing in Ansible so I can reliably instantiate it at will.

0.7.1 has a convoluted install, hacks involved, and the documentation is.... eh.... (let's just say that parts contradict other parts, and parts that don't work aren't removed/caveated).

https://github.com/wintermute000/testvm-ansible/tree/master/roles/configure-yanghosts

YDK is this
https://github.com/CiscoDevNet/ydk-py



6
Voice, Video, and Telepresence / QOS expedite causing access issue with STP
« Last post by zackburf on April 24, 2018, 02:42:05 PM »
I have Adtran switches across my network. We have found an issue with access when STP blocks a port in a specific instance. The instance we found is when there is a loop in an unmanaged switch that is connected to the Adtran. (I know unmanaged switches are the devil and budget wise we are working to get rid of them.) What happens is a user creates a loop in their office with the unmanaged switch and then the Adtran kills that link to the unmanaged switch. This is great because it stops the loop from hurting the network. All the computers on the Adtran retain internet access and voip phones work fine.

Here is the weird part, when it blocks that port we lose all remote access to the switch. I have confirmed STP is blocking that port by consoling into the switch. This only happens when we are using QOS to expedite voip traffic. When we turn qos off the STP still blocks the port and we keep remote access.

I have tested this in a lab environment with no other traffic besides my computer and the loop in an unmanaged switch and the same thing happens. I have found when I weight the qos VOIP queue to 255 instead of expedited I keep access as well.

My question is this: with VOIP, do I need to keep the voip queue at expedited traffic or can I just leave it at 255? (The other three queues are set to 25.)

Second question is does anyone know why expediting COS value 5 traffic in queue 4 is stopping remote access and pings during the loop?

7
Security / CounterACT Custom Conditions
« Last post by deanwebb on April 24, 2018, 02:18:02 PM »


Very cool, shows a great way to build out a tool within the product.
8
Forum Lobby / New forum feature
« Last post by deanwebb on April 24, 2018, 12:09:23 PM »


Post a YouTube link, get an embedded YouTube video in the post.

You're welcome.  :smug:
9
This one mentioned a court ruling about not revealing salary information and I was all over it like a donkey on a waffle!
10
Certifications and Careers / Re: Certification and Career Goals for 2018
« Last post by deanwebb on April 24, 2018, 11:24:31 AM »
Making my way through training files... not always easy to schedule with work and stuff still happening, but I can fit it in.