Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] HA Nokia w/ CHKP Enterprise FW-1 v4.0 - Flaky NAT

To: <[email protected]>
Subject: RE: [FW1] HA Nokia w/ CHKP Enterprise FW-1 v4.0 - Flaky NAT
From: [email protected]
Date: Fri, 23 Feb 2001 16:43:14 -0600
Cc: [email protected], [email protected]
Sender: [email protected]


I have no ARP entries at all because I am using Monitored Circuit mode HA.
The Virtual Router is set the same on all interfaces.  My NAT is achieved
using only the VRRP table and Static Route entries.  Also, this NATing
problem is affecting NATing going from one network to another (all the NAT
policies I have).

Thanks in advance




"Thomas Stala" <[email protected]> on 02/23/2001 04:20:16 PM

Please respond to <[email protected]>

To:   <[email protected]>
cc:

Subject:  RE: [FW1] HA Nokia w/ CHKP Enterprise FW-1 v4.0 - Flaky NAT


The VRRP setup, Do you have the Virtual router set the same on all the
interfaces? If you do not when an interface fails it will only fail that
one
interface over not the whole box.

ARPs are you using proxy or static? From what I understand only proxy Arps
work.

That is all I can think of right off the bat.

Is this just like one route that you are loosing or is it all routing?



Thomas Stala
[email protected]
Hope this helps

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
[email protected]
Sent: Friday, February 23, 2001 4:37 PM
To: [email protected];
[email protected]
Subject: [FW1] HA Nokia w/ CHKP Enterprise FW-1 v4.0 - Flaky NAT


Hello Gentlemen,

I have two IP 440 Nokias running in HA with CheckPoint v.4.0 Enterprise
FW-1.  My NATing (manual) is acting very suspicious.  The NATing is working
fine but then all of a sudden it stops.  I have to bounce the primary Nokia
box to get it going again.  I think that this is only isolated to the
primary box.

These are the steps I followed to get NAT enabled:
     Define network object with an interface (the NATed IP address)
     Make the firewall policy to allow the proper services to get across
(e.g., TELNET)
     Create a NAT rule
     Make a static route entry for the NATed IP address (on both Nokias)
     Make a VRRP entry for the NATed IP address (on both Nokias)

I have gone over my configuration many, many times before.  I only have
about 50 regular policy rules, 80 NAT rules, and 5 rulebases.  This
configuration (slightly different) was originally on NT boxes.  The Nokias
are far more powerful then the old NT boxes.  That is why I think it may be
somewhere in the configuration.  I am working with my Reseller but they do
not have a solution yet.

Please Advise,

Wiktor Mikos
Network Engineer============================================================================

====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================

====









================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Job Posting- Network Security Engineer- New York
Next by Date: [FW1] Ports to Open for Exchange in DMZ using Checkpoint?
Previous by thread: [FW1] HA Nokia w/ CHKP Enterprise FW-1 v4.0 - Flaky NAT
Next by thread: [FW1] Restrictions of FTP data connection by FW1
Index(es):
- Date
- Thread