
RE: [FW1] traffic unflowing...helpers please



If you can't hit the router, check on the router. If it's a Cisco router,
turn on ICMP debugging, and check to see if the packets are getting there,
and if it's sending them back out the correct port.  Check your routing
tables.  When you did your route add, did you use the -p flag to make them
permanent?  If not, you'll have to re-add them after every reboot.  Watch the
logs in the firewall carefully as you're pinging stuff on the far side.  I've
had this problem myself on initial setup of two firewalls at two different
companies, and in both cases it was a routing issue.  Try uninstalling your
policy.  If you can get traffic through with the policy uninstalled, it's a
policy issue; if you can't, it's a routing issue.
One of my routing issues turned out to be an old version of IOS on an old
Cisco router.  The route was set up something like ip route x.x.x.x eth0;
when I changed the eth0 to the actual next hop gateway address it worked
just fine.

-----Original Message-----
From: Patrick James [mailto:[email protected]]
Sent: Wednesday, June 06, 2001 12:06 AM
To: [email protected]
Subject: [FW1] traffic unflowing...helpers please



Hi all,
I have a FW1 version 4.1 SP2 installation on WinNT 4.0 SP6. My network is a
simple one where I have a couple of servers on the LAN and a Router; the FW1
is pretty sitting between the LAN and the Router. I configured the proper
NAT and security policy settings, absolutely no problem with that. I created
a 'local.arp' file under the 'state' directory and also added a 'route add' at
the cmd prompt. On the NAT, I selected 'Static' and mapped a couple of my
servers to 2 nos. of global IP addresses. I even tried the security setting
as 'All to ALL' and nothing went good.

The thing is that both the internal LAN servers could ping the external NIC
of the FW1 while they could not ping any host beyond, including the
Router, which is also un-pingable. I could even find the traffic generated by
these 2 servers at the log viewer "Active Account" of FW1.

Where could the problem be? Any helpers please......

thanks
James



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====
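
The reply's question about the -p flag can be checked mechanically. The following is an added example, not part of the original thread: it parses `route print` output and reports, for each route the administrator expects, whether it is persistent, active only, or missing. It assumes output laid out with "Active Routes:" and "Persistent Routes:" sections; the sample output, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# A route row starts with destination, netmask and gateway as dotted quads.
# Rows whose gateway is not an address (e.g. "On-link") are skipped.
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+{IP}\b")

# Constructed sample; 203.0.113.16 stands in for a statically NATed address.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        192.0.2.1      192.0.2.10       1
     198.51.100.0    255.255.255.0        192.0.2.1      192.0.2.10       1
     203.0.113.16  255.255.255.255        192.0.2.1      192.0.2.10       1
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
     198.51.100.0    255.255.255.0        192.0.2.1       1
"""

def parse_route_print(text):
    """Return (active, persistent) sets of (destination, netmask, gateway)."""
    tables = {"active": set(), "persistent": set()}
    section = None
    for line in text.splitlines():
        head = line.strip().lower()
        if head.startswith("active routes"):
            section = "active"
        elif head.startswith("persistent routes"):
            section = "persistent"
        elif section and (m := ROW.match(line)):
            tables[section].add(m.groups())
    return tables["active"], tables["persistent"]

def check_routes(text, expected):
    """Classify each expected (destination, netmask, gateway) route."""
    active, persistent = parse_route_print(text)
    result = {}
    for route in expected:
        if route in persistent:
            result[route] = "persistent"
        elif route in active:
            result[route] = "active only, lost at reboot"
        else:
            result[route] = "missing"
    return result

if __name__ == "__main__":
    wanted = [("198.51.100.0", "255.255.255.0", "192.0.2.1"),
              ("203.0.113.16", "255.255.255.255", "192.0.2.1")]
    for route, status in check_routes(SAMPLE, wanted).items():
        print(route, "->", status)
```

A route reported as "active only" was added without -p and has to be re-added after the next reboot, which is the situation the reply asks about.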
   All contents © 2004 Network Presence, LLC. All rights reserved.