• Check Point
  • TCP Connection States Issues For Check Point VPN

TCP Connection States Issues For Check Point VPN

TCP packet out of state

Wondering why this is happening? Wondering when this is happening?

indeni will tell you when this is happening and will try and help determine why it’s happening. There are some known causes we’re capable of pin-pointing for you automatically. Useful, eh?

Data sources: logs, configuration database in the management server and more.

Avoid weird VPN issues

We’ve seen a variety of causes for VPN misbehavior – different encryption domains on two sides of a tunnel, internal CA not communicating, VPN peer disappearing, DPD being used when not supported and more.

You could consult with MrSnakey on cpug.org every time – he knows his VPNs. Or, you could have indeni monitor your management servers, log servers and (of course) gateways 24/7.

Data sources: logs (like "Invalid SA"), VPN commands (like vpn tu) and parsing of the database (objects_5_0.C, etc.).

Track important kernel tables

indeni tracks all of the important kernel tables and alerts if they are nearing capacity. Per kernel table, you get different instructions for fixing the problem. For example, for the connections table we may recommend increasing its size (or in some cases, other alternatives) while for the pdp_sessions table we’d direct you to SK101288.

Commands used: fw tab -s

Ensure you’re covered – with licenses and contracts

Do you have the right licenses? Are you exceeding capacity? Are your contracts being renewed on time? Will you continue to get your IPS signature updates?

Sometimes it can be difficult to stay on top of everything. In case you’ve missed something, indeni is there to point it out to you. Not saying you will, but just in case.

Data sources: licenses and contracts stored in the management database. Commands used: cplic print.

BlueCat to acquire LiveAction

BlueCat adds LiveAction’s network observability and intelligence platform, which helps large enterprises optimize the performance, resiliency, and security of their networks.