RE: [FW1] SYN Defender and WAN routing
The reason someone set up the 10.0.0.0 255.0.0.0 for the default route was so the firewall would send ALL packets destined for the 10.x.x.x network to your internal router, then the router could handle it from there.

You either need to change the mask back, or add a separate network entry for EVERY 10.x.x.x network to point to the gateway to reach it.

Thomas Poole

-----Original Message-----
From: Rodney Lacroix [mailto:[email protected]]
Sent: Thursday, October 12, 2000 3:22 PM
To: [email protected]
Subject: [FW1] SYN Defender and WAN routing

I started receiving a TON of SYN Defender messages today, mostly originating from my remote WAN sites to other web sites (all remote WAN sites route through us for Internet access).

I made the following change: My firewall's subnet on the internal interface was incorrect (255.0.0.0 vs. 255.255.0.0 on a 10.1.x.x network). When I changed the subnet to the correct mask, I began to receive SYN Defender messages from my WAN sites (routed networks also on a 255.255.0.0 subnet, but with a different network ID). Apparently, the firewall did not know how to respond to the remote workstations, and timed out the connections.

I assumed it was then because my internal NIC on the firewall did not have a default gateway specified (I could not ping the routers on my remote sites from the firewall). When I added the default gateway (my local router), ALL Internet traffic halted - I again assume this is because my route has the firewall as its hop to the Internet, and my firewall had its next hop as the router (never ending loop).

It appears that my firewall does not know the routes to my other sites with the correct network ID and subnet mask. How do I do this? Do I need to manually add static routes to the other networks?

Rodney Lacroix

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
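
The routing behaviour discussed in this thread, as an added example that is not part of the original messages or of any Check Point tooling: a longest-prefix-match lookup showing which interface the firewall's replies to remote WAN hosts leave by under the old mask, the corrected mask, and the corrected mask with per-network static routes. All addresses, the router and gateway values, and the one forgotten 10.4.0.0/16 site are constructed for illustration.

```python
import ipaddress

# Constructed addressing for illustration (not taken from the thread).
ROUTER = "10.1.0.254"      # internal WAN router on the firewall's LAN
ISP_GW = "192.0.2.1"       # firewall's external default gateway
WAN_HOSTS = ["10.2.5.20", "10.3.7.9", "10.4.1.15"]  # hosts at remote sites


def lookup(routes, dst):
    """Longest-prefix match over (cidr, next_hop, interface) tuples."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(c), hop, ifc) for c, hop, ifc in routes
               if addr in ipaddress.ip_network(c)]
    if not matches:
        return None
    net, hop, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), hop, ifc


def misrouted(routes, hosts):
    """Internal (10.x) hosts whose replies would leave the external interface."""
    return [h for h in hosts if lookup(routes, h)[2] != "internal"]


DEFAULT = ("0.0.0.0/0", ISP_GW, "external")

# Original mask 255.0.0.0: all of 10/8 is treated as attached to the internal NIC.
WIDE_MASK = [("10.0.0.0/8", "on-link", "internal"), DEFAULT]
# Corrected mask 255.255.0.0 with nothing else added.
NARROW_MASK = [("10.1.0.0/16", "on-link", "internal"), DEFAULT]
# Corrected mask plus one static route per remote network; 10.4.0.0/16 was forgotten.
NARROW_STATIC = NARROW_MASK + [("10.2.0.0/16", ROUTER, "internal"),
                               ("10.3.0.0/16", ROUTER, "internal")]

if __name__ == "__main__":
    for name, table in [("255.0.0.0 mask", WIDE_MASK),
                        ("255.255.0.0 mask", NARROW_MASK),
                        ("255.255.0.0 + static routes", NARROW_STATIC)]:
        print(f"{name}: misrouted replies -> {misrouted(table, WAN_HOSTS)}")
```

With the corrected mask and no static routes, every remote 10.x host falls through to the external default route, so the firewall's handshake replies never reach the client, which matches the timed-out connections reported above.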