Checkpoint VPN Application TCP handshake works but actual traffic fails
Posted on 2011-09-03
I have a Checkpoint VPN configured on a VSX context created on a gateway cluster. VPN connections appear to work fine - no problems authenticating or connecting, and the tunnel remains up, but any application traffic appears to fail - SSH, RDP, HTTP/HTTPS. Connectivity is working - when I launch a telnet session via various TCP ports (22, 80, 443, 3389) I get a response, but when I actually try to connect via a browser or whatever, it hangs and never connects. When I try ping tests using the -f option and specifying larger packet sizes than 252 bytes, the pings fail.
I've seen a number of links indicating that the MTU size should be changed - either on the firewall or the VPN client, but I can't seem to find any links for how to modify it on VSX (virtual FW context - is it the same as Linux?) or on the client itself.
Any assistance would be greatly appreciated!