Extensive tests in the Check Point lab have shown that this issue is NOT caused by the Check Point software (the issue is replicated even without Check Point software installed):
- Install VMware Workstation.
- Install Wireshark on the Host machine.
- Enable IPv4 checksum validation in Wireshark ('Edit' menu - 'Preferences...' - open 'Protocols' - click on 'IPv4' - check the box 'Validate the IPv4 checksum if possible' - click on 'Apply' - click on 'OK').
- In Wireshark, start a traffic capture on the involved network adapter.
- Ping the VM from the Host.
- You will see that the outgoing pings have a checksum mismatch.
Starting in E80.51, the Endpoint Security client performs an improved "TCP Checksum Offload" check on packets. If a packet's checksum is incorrect, the packet is blocked.
In this specific case, the packets that are blocked due to checksum mismatch are sent on UDP port 5355, which is used by the Link-Local Multicast Name Resolution (LLMNR) protocol. This protocol is used for communication between the VMware Host and the VMware Workstation Virtual Machine when packets go to two different adapters (one for the VM, another for the real machine) through the same wire.
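The checksum validation described above can be reproduced offline. This is an added example, not Check Point or Wireshark code: it applies the RFC 1071 checksum to a constructed IPv4/UDP packet addressed to port 5355. The addresses, payload and the `fill_checksums` switch are assumptions made for illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src, dst, sport, dport, payload, fill_checksums=True):
    """Constructed IPv4/UDP packet. fill_checksums=False leaves both checksum
    fields zero, a stand-in for a packet captured with a checksum mismatch."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 1, 0, 1, 17, 0, s, d)
    if fill_checksums:
        pseudo = s + d + struct.pack("!BBH", 0, 17, udp_len)
        udp_sum = inet_checksum(pseudo + udp) or 0xFFFF  # 0 is sent as 0xFFFF
        udp = udp[:6] + struct.pack("!H", udp_sum) + udp[8:]
        ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + udp

def validate(packet: bytes) -> dict:
    """Re-check both checksums; a valid header or datagram sums to zero."""
    ihl = (packet[0] & 0x0F) * 4
    ip_hdr, udp = packet[:ihl], packet[ihl:]
    dport, udp_len, stored = struct.unpack("!HHH", udp[2:8])
    result = {"ipv4_ok": inet_checksum(ip_hdr) == 0, "dport": dport}
    if stored == 0:
        result["udp_ok"] = None  # IPv4 allows UDP with no checksum
    else:
        pseudo = ip_hdr[12:20] + struct.pack("!BBH", 0, 17, udp_len)
        result["udp_ok"] = inet_checksum(pseudo + udp[:udp_len]) == 0
    return result

# Constructed sample traffic: host address and payload are made up.
SAMPLE = ("192.168.1.10", "224.0.0.252", 50000, 5355, b"constructed-llmnr-query")

if __name__ == "__main__":
    print("filled  :", validate(build_packet(*SAMPLE)))
    print("unfilled:", validate(build_packet(*SAMPLE, fill_checksums=False)))
```

The unfilled packet fails the IPv4 header check in the same way the outgoing pings do in the capture, which is the condition the client's checksum check blocks on.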