Re: [FW1] SYN Defender and WAN routing
Yeah you need static routes, or run like gated or routed so your firewall learns where stuff is automatically. You can just set up gated (I run gated) and list all the static routes, or pass routing info like rip or whatever to your firewall...

Rodney Lacroix wrote:

> I started receiving a TON of SYN Defender messages today, mostly originating from my remote WAN sites to other web sites (all remote WAN sites route through us for Internet access).
>
> I made the following change: My firewall's subnet on the internal interface was incorrect (255.0.0.0 vs. 255.255.0.0 on a 10.1.x.x network). When I changed the subnet to the correct mask, I began to receive SYN Defender messages from my WAN sites (routed networks also on a 255.255.0.0 subnet, but with a different network ID). Apparently, the firewall did not know how to respond to the remote workstations, and timed out the connections.
>
> I assumed it was then because my internal NIC on the firewall did not have a default gateway specified (I could not ping the routers on my remote sites from the firewall). When I added the default gateway (my local router), ALL Internet traffic halted - I again assume this is because my route has the firewall as its hop to the Internet, and my firewall had its next hop as the router (never ending loop).
>
> It appears that my firewall does not know the routes to my other sites with the correct network ID and subnet mask. How do I do this? Do I need to manually add static routes to the other networks?
>
> Rodney Lacroix

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
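
The routing behaviour discussed in this thread, as an added example that is not part of either poster's message: a longest-prefix-match lookup showing which interface the firewall uses to reach a remote-site host under each configuration. Only the 10.1.x.x network and the two masks come from the thread; the remote network 10.2.0.0/16, the router address 10.1.0.254 and the external addresses are constructed.

```python
import ipaddress

def route(net, iface, gw=None):
    """One routing-table entry: (network, egress interface, next hop or None)."""
    return (ipaddress.ip_network(net), iface, gw)

def egress(table, dst):
    """Longest-prefix match; returns (interface, gateway) or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    _, iface, gw = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gw

# Constructed addressing (assumptions, not from the thread).
LOCAL_ROUTER = "10.1.0.254"     # WAN router on the firewall's internal LAN
REMOTE_HOST = "10.2.5.20"       # workstation at a remote WAN site
WEB_SERVER = "198.51.100.7"     # Internet destination (documentation range)
DEFAULT = route("0.0.0.0/0", "external", "192.0.2.1")

# Original wrong mask: every 10.x address looks directly connected inside.
wrong_mask = [route("10.0.0.0/8", "internal"), DEFAULT]
# Corrected mask, no other routes: remote sites fall through to the default.
right_mask = [route("10.1.0.0/16", "internal"), DEFAULT]
# Default pointed at the local router (modelled as replacing the default):
# Internet-bound traffic is handed back to the router that sent it.
looped = [route("10.1.0.0/16", "internal"),
          route("0.0.0.0/0", "internal", LOCAL_ROUTER)]
# Static route per remote network via the local router, default left alone.
with_static = right_mask + [route("10.2.0.0/16", "internal", LOCAL_ROUTER)]

if __name__ == "__main__":
    for name, table in [("wrong mask", wrong_mask), ("right mask", right_mask),
                        ("internal default", looped), ("static route", with_static)]:
        print(f"{name:17} remote={egress(table, REMOTE_HOST)} "
              f"internet={egress(table, WEB_SERVER)}")
```

With the corrected mask and no static route, the firewall's packets toward the remote workstation leave by the external interface, so the handshake never completes and SYN Defender reports the timeout.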