NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] SYN Defender and WAN routing



Yeah you need static routes, or run like gated or routed so your firewall learns where stuff is automatically. You can just setup gated ( I run gated) and list all the static routes, or pass routing info like rip or whatever to your firewall...

Rodney Lacroix wrote:

> I started receiving a TON of SYN Defender messages today, mostly originating from my remote WAN sites to other web sites (all remote WAN sites route through us for Internet access).
>
> I made the following change:  My firewall's subnet on the internal interface was incorrect (255.0.0.0 vs. 255.255.0.0 on a 10.1.x.x network).  When I changed the subnet to the correct mask, I began to receive SYN Defender messages from my WAN sites (routed networks also on a 255.255.0.0. subnet, but with a different network ID).  Apparently, the firewall did not know how to respond to the remote workstations, and timed out the connections.
>
> I assumed it was then because my internal NIC on the firewall did not have a default gateway specified (I could not ping the routers on my remote sites from the firewall).  When I added the default gateway (my local router), ALL Internet traffic halted - I again assume this is because my route has the firewall as it's hop to the Internet, and my firewall had it's next hop as the router (never ending loop).
>
> It appears that my firewall does not know the routes to my other sites with the correct network ID and subnet mask.  How do I do this?  Do I need to manually add static routes to the other networks?
>
> Rodney Lacroix
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.