Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Strange behaviour with SP4

To: "Fw-1-Mailinglist (E-mail)" <[email protected]>, "Hakan UNSAL (E-mail)" <[email protected]>
Subject: [FW1] Strange behaviour with SP4
From: "Cihan Subasi (Garanti Teknoloji)" <[email protected]>
Date: Mon, 11 Jun 2001 11:17:39 +0300
Sender: [email protected]

	

	I finally upgraded my fws (ip650) to SP4 and had a very strange
thing after while,

	Here is my setup...

	I have a Loadbalancer connected to  one of the inferface and servers
are connected to Loadbalancer, one interface is for LAN1 and one interface
is for LAN2 and and last interface is for Internet (total of 4
interface)...LAN1 is HIDE translated to access to the internet but LAN2 is
not...No static address translation on the FW-1 because everything is done
by the loadbalancer, this is the scenario...I do have a arp entry on the
FW-1 for the virtual ips on the loadbalancer (and also a static route,
pointing to the loadbalancer interface on the FW-1 side)....That was working
fine with SP3....

	When we upgraded to SP4 we saw that LAN1 can access to the internet
but not the servers hosted on the Loadbalancer, but LAN2 can access to the
servers, the only difference between LAN1 and LAN2 is the hiding
translation...In the logs LAN1s ip addresses are tranlated to hiding ip but
they couldn't access any of the servers....I put a rule not to translated
the source ips for LAN2 when they access to the servers(did not work and
LAN2 couldn't access to the servers either...very strange) ,  I disabled
hiding rule,  this worked fine but this case they could not access to the
internet (very normal)....Finally by chance I deleted the proxy arp entry
for the servers virtual ip addresses and everything returned to
normal.....Seems like both the arp entry and the routing entry do not work
together and hiding address translated ips are having problem to accessing
those servers...Anybody any idea what is going on? am I mising some point
here? Thanks....  

*******************************************************
Cihan Subasi
Garanti Technology
Internet Services Manager
Work :	(90)GSM :	(90)http://www.garantitechnology.com
mailto:[email protected]
*******************************************************



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Win 2000 sp2 and CP sp3
Next by Date: [FW1] eSafe Protect Gateway v3.0 Build 60 using CVP locking up
Previous by thread: [FW1] Win 2000 sp2 and CP sp3
Next by thread: [FW1] eSafe Protect Gateway v3.0 Build 60 using CVP locking up
Index(es):
- Date
- Thread