Imperva Cyber Community

  • 1.  Thoughts on why no packets?

    Posted 03-02-2021 12:42
    Hello community,
    Do you have any thoughts or advice about where in the network I should look to troubleshoot a problem, based on the following information?  To provide additional information, a network diagram is attached.

    I logged into the CLI on the gateway WAF and ran these commands.
    tcpdump_on
    tcpdump -nnpi eth2 dst 192.168.25.2
    tcpdump -nnpi eth2 dst 192.168.25.3
    tcpdump_off


    The output from the packet capture of 192.168.25.2 shows lots and lots of packets.  This makes sense as this is a web site that is working and has been working for several years.

    The output from the packet capture of 192.168.25.3 shows
    0 packets captured
    This is a new web site we are implementing and haven't been able to access.  I was capturing packets on eth2, which is the side of the gateway WAF that faces the firewall.  Since there were no packets coming in, does it seem like there is a problem at the firewall?

    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Thanks,
    Fred
    ------------------------------


  • 2.  RE: Thoughts on why no packets?
    Best Answer

    Posted 03-04-2021 05:28
    Edited by Fred Percynski 03-04-2021 15:30
    Hi Fred,

    It looks like you are running in Bridge mode, is that correct?

    If you are not seeing any packets destined for 192.168.25.3/24 at all, then the issue will be at your firewall, potentially with the NAT setup there.
    In Bridge mode, the WAF is essentially acting as a very smart ethernet cable, and if no packets are seen on the ingress/client interface (eth2), it means the FW is not sending them through the GW.

    ------------------------------
    Stefan Pynappels
    Escalation Engineer
    Imperva
    ------------------------------
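
The reasoning in the answer above, applied to saved `tcpdump -nn` text output from the ingress interface, as an added example that is not part of the original thread or of any Imperva tooling. The sample capture lines, the address 192.168.25.4, the source address, the function names and the three verdict labels are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -nn` text output (not from the original post).
SAMPLE = """\
12:42:01.000001 IP 203.0.113.10.51514 > 192.168.25.2.443: Flags [S], seq 1, win 64240, length 0
12:42:01.000450 IP 203.0.113.10.51514 > 192.168.25.2.443: Flags [.], ack 1, win 502, length 0
12:42:02.100000 ARP, Request who-has 192.168.25.4 tell 192.168.25.1, length 46
12:42:03.100000 ARP, Request who-has 192.168.25.4 tell 192.168.25.1, length 46
"""

# IPv4 line: "<time> IP <src> > <dst>[.<port>]: ..." (port is absent for ICMP).
IP_RE = re.compile(r"^\S+ IP \S+ > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")
# ARP request line: "<time> ARP, Request who-has <target> ... tell <sender>".
ARP_RE = re.compile(r"^\S+ ARP, Request who-has (\d+\.\d+\.\d+\.\d+) ")


def count_by_destination(capture_text):
    """Return (ip_counts, arp_counts) keyed by destination / ARP target."""
    ip_counts, arp_counts = Counter(), Counter()
    for line in capture_text.splitlines():
        m = IP_RE.match(line)
        if m:
            ip_counts[m.group(1)] += 1
            continue
        m = ARP_RE.match(line)
        if m:
            arp_counts[m.group(1)] += 1
    return ip_counts, arp_counts


def diagnose(capture_text, addresses):
    """Classify each protected address by what reached the ingress interface."""
    ip_counts, arp_counts = count_by_destination(capture_text)
    verdicts = {}
    for addr in addresses:
        if ip_counts[addr]:
            # The upstream device is forwarding traffic through the bridge.
            verdicts[addr] = "traffic-seen"
        elif arp_counts[addr]:
            # Upstream is asking for the address but never follows with IP
            # packets: check that the server behind the bridge answers ARP.
            verdicts[addr] = "arp-only"
        else:
            # The case in this thread: nothing for the address arrives at
            # all, so look upstream (firewall rules, NAT) first.
            verdicts[addr] = "nothing-seen"
    return verdicts


if __name__ == "__main__":
    for addr, verdict in diagnose(SAMPLE, ["192.168.25.2", "192.168.25.3", "192.168.25.4"]).items():
        print(addr, verdict)
```
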