[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Strange behaviour with SP4
I finally upgraded my fws (ip650) to SP4 and had a very strange thing after while, Here is my setup... I have a Loadbalancer connected to one of the inferface and servers are connected to Loadbalancer, one interface is for LAN1 and one interface is for LAN2 and and last interface is for Internet (total of 4 interface)...LAN1 is HIDE translated to access to the internet but LAN2 is not...No static address translation on the FW-1 because everything is done by the loadbalancer, this is the scenario...I do have a arp entry on the FW-1 for the virtual ips on the loadbalancer (and also a static route, pointing to the loadbalancer interface on the FW-1 side)....That was working fine with SP3.... When we upgraded to SP4 we saw that LAN1 can access to the internet but not the servers hosted on the Loadbalancer, but LAN2 can access to the servers, the only difference between LAN1 and LAN2 is the hiding translation...In the logs LAN1s ip addresses are tranlated to hiding ip but they couldn't access any of the servers....I put a rule not to translated the source ips for LAN2 when they access to the servers(did not work and LAN2 couldn't access to the servers either...very strange) , I disabled hiding rule, this worked fine but this case they could not access to the internet (very normal)....Finally by chance I deleted the proxy arp entry for the servers virtual ip addresses and everything returned to normal.....Seems like both the arp entry and the routing entry do not work together and hiding address translated ips are having problem to accessing those servers...Anybody any idea what is going on? am I mising some point here? Thanks.... ******************************************************* Cihan Subasi Garanti Technology Internet Services Manager Work : (90)GSM : (90)http://www.garantitechnology.com mailto:[email protected] ******************************************************* ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|