
Re: [FW1] Nated machines can't access Internet





Did you look at the local.arp file ?

default path c:\winnt\fw\state or conf for 4.0 c:\winnt\fw1\4.1\state or
conf...

sometimes it didn't take the file during the upgrade ;-)

hope this could help.



CryptoTech <[email protected]> on 19/02/2001 15:46:16

Please respond to [email protected]

To:   Annette Tenney <[email protected]>
cc:   [email protected]
Subject:  Re: [FW1] Nated machines can't access Internet



Annette,
Since this is an upgrade on a separate server, a few questions come to
mind.
Have you removed the old config so that the new setup will be the proper
default route for internal hosts?
Validation of proper published MAC addresses is a plus.
Check the network properties TCPIP -> routing table to enable IP
forwarding/routing.

HTH,
CryptoTech

Annette Tenney wrote:

> Am running FW-1 ver. 4.0. Upgrade planned on different server. Have
> installed NT on new machine and imported the rulebase and configuration
> files from the old machine which is currently in use. Have modified the
> route table on the new machine to match the old machine. Have created the
> local.arp file. Checked in the configuration GUI that the external interface
> was pointing to the correct card. On the firewall network object did a get
> for the interfaces which succeeded. Installed the policies.
>
> Have new machine on test network with DNS. Have not tried the upgrade yet.
> Firewall can get name resolution, can ping machines on internal network and
> DMZ by both true IP address and nated address. Internal machines with nated
> address can not get name resolution (DNS acting as machine outside
> firewall), machines internal with hidden address can get resolution. Machine
> on DMZ, with nated address can not get resolution. External machine can not
> get to web server on DMZ. Have disabled all rules in rule base and added
> rule any any any allow. Pseudo rules set to allow anything. Turned off IP
> address spoofing.
>
> What have I missed?
>
> Thanks for your help.
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



