
[FW1] Firewall Forgetting to NAT?





Hi everyone,

I have a Solaris 2.6 box running Checkpoint Version 4.1 Build 41814.  I
have multiple DMZs, an external and an internal interface.  I use Hide
NATs for internal hosts outbound to the net.  For some really strange
reason, the firewall seems to forget to NAT traffic now and then.  It's
like it decides to turn off NAT spontaneously for a random object.
Sometimes it's just a specific host, other times it's a network object.

Normally in my logs I see traffic going out the firewall to internet
destinations being natted; I see the original source and an xlated src.
This is good, everything works fine.  Then all of a sudden it stops natting
that object.  In the log I see the original address but no xlated src
anymore. Just requests to outside addresses with invalid internal source
addresses.  To fix the problem, I edit the object and change the hide nat
address to some other address, push the policy out, go back and change it
to the correct old hide address, push the policy out and poof, all is well.
What really bothers me is I'm not changing anything to fix it; it's like I
just have to kick it to wake it up. :)

Any ideas?

John Delisle
Corporate Technology
Ceridian Canada Ltd

