
RE: [FW1] SYN Defender and WAN routing



The reason someone set up the 10.0.0.0 255.0.0.0 for the default route was so
the firewall would send ALL packets destined for the 10.x.x.x network to
your internal router, then the router could handle it from there.

You either need to change the mask back, or add a separate network entry for
EVERY 10.x.x.x network to point to the gateway to reach it.


Thomas Poole

-----Original Message-----
From: Rodney Lacroix [mailto:[email protected]]
Sent: Thursday, October 12, 2000 3:22 PM
To: [email protected]
Subject: [FW1] SYN Defender and WAN routing



I started receiving a TON of SYN Defender messages today, mostly originating
from my remote WAN sites to other web sites (all remote WAN sites route
through us for Internet access).

I made the following change:  My firewall's subnet on the internal interface
was incorrect (255.0.0.0 vs. 255.255.0.0 on a 10.1.x.x network).  When I
changed the subnet to the correct mask, I began to receive SYN Defender
messages from my WAN sites (routed networks also on a 255.255.0.0 subnet,
but with a different network ID).  Apparently, the firewall did not know how
to respond to the remote workstations, and timed out the connections.

I assumed it was then because my internal NIC on the firewall did not have a
default gateway specified (I could not ping the routers on my remote sites
from the firewall).  When I added the default gateway (my local router), ALL
Internet traffic halted - I again assume this is because my route has the
firewall as its hop to the Internet, and my firewall had its next hop as
the router (never ending loop).

It appears that my firewall does not know the routes to my other sites with
the correct network ID and subnet mask.  How do I do this?  Do I need to
manually add static routes to the other networks?

Rodney Lacroix
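
The routing behaviour discussed in this thread, as an added example that is not part of the original messages: a longest-prefix-match lookup run over four constructed firewall route tables. Only the 10.1.x.x network and the two masks come from the thread; the remote networks 10.2.0.0/16 and 10.3.0.0/16, the router address 10.1.0.1 and the external gateway 192.0.2.1 are assumptions.

```python
import ipaddress

# Constructed values: only 10.1.x.x and the 255.0.0.0 / 255.255.0.0 masks
# appear in the thread. Everything else below is assumed for illustration.
INTERNAL_ROUTER = "10.1.0.1"   # hypothetical internal WAN router
ISP_GATEWAY = "192.0.2.1"      # hypothetical next hop on the external side

def table(*routes):
    """Build a route table from (network, next_hop, interface) tuples."""
    return [(ipaddress.ip_network(n), hop, ifc) for n, hop, ifc in routes]

def lookup(routes, dst):
    """Longest-prefix match: return (next_hop, interface), or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _, hop, ifc = max(matches, key=lambda r: r[0].prefixlen)
    return hop, ifc

DEFAULT = ("0.0.0.0/0", ISP_GATEWAY, "external")

# 1. Old 255.0.0.0 mask: all of 10.x.x.x is covered by the connected route.
OLD_MASK = table(("10.0.0.0/8", "on-link", "internal"), DEFAULT)
# 2. Corrected 255.255.0.0 mask, no static routes: remote sites fall
#    through to the default route and replies leave the wrong interface.
NEW_MASK = table(("10.1.0.0/16", "on-link", "internal"), DEFAULT)
# 3. Corrected mask plus one static route per remote 10.x network.
NEW_MASK_STATIC = table(
    ("10.1.0.0/16", "on-link", "internal"),
    ("10.2.0.0/16", INTERNAL_ROUTER, "internal"),
    ("10.3.0.0/16", INTERNAL_ROUTER, "internal"),
    DEFAULT,
)
# 4. Default gateway moved to the internal router: Internet-bound packets
#    are handed back to the router that forwards them to the firewall.
DEFAULT_INSIDE = table(
    ("10.1.0.0/16", "on-link", "internal"),
    ("0.0.0.0/0", INTERNAL_ROUTER, "internal"),
)

TABLES = {"old_mask": OLD_MASK, "new_mask": NEW_MASK,
          "new_mask_static": NEW_MASK_STATIC, "default_inside": DEFAULT_INSIDE}

def compare(dst):
    """Show where each table would send a packet for dst."""
    return {name: lookup(t, dst) for name, t in TABLES.items()}

if __name__ == "__main__":
    for dst in ("10.2.5.20", "198.51.100.10"):  # remote WAN host, web site
        print(dst, compare(dst))
```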



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================





 
   All contents © 2004 Network Presence, LLC. All rights reserved.