Support Center > Search Results > SecureKnowledge Details
Users are not able to connect with any client (Endpoint, SNX) to Multi-Portal after upgrade of Security Gateway to R77 that is connected over PPPoE
Symptoms
  • Users are not able to connect with any client (Endpoint, SNX) to Multi-Portal after upgrade of Security Gateway to R77 that is connected over PPPoE.

  • Enabling pre-R77 CPAS TCP stack on Security Gateway by adding 'cpas_is_old_stack_global=1' into the $FWDIR/boot/modules/fwkern.conf file on Security Gateway and rebooting resolves the issue.

  • Kernel debug on Security Gateway ('fw ctl debug -m fw + tcp') shows that the traffic is dropped:
    ;tcp_input: multicast or broadcast drop;
    ;tcp_input: in drop lable ;
    
Cause

TCP stack of Check Point Active Streaming (CPAS) infrastructure in R77 drops the traffic over PPPoE because the source IP addresses are recognized as broadcast or multicast addresses.


Solution
Note: To view this solution you need to Sign In .