| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] Microsoft File Shares and Citrix through FW-1
Hi,
I am running a Nokia bosx with IPSO 3.4, VPN/FW-1 4.1 SP4. We have two internal interfaces and 1 external interface. We have a Citix server running on Win2k and another box running Winnt4.0. The Citrix server is statically NATed the other box is NATed behind the FW address all on one interface. The other internal inferface is NATed behind the FW address. We can use the ICA client from outside the firewall and attach to Citrix on a valid IP just fine. The problem is between both internal interface. Our rule looks like this
Internal1 Internal2 NBT, microsoft-ds (udp,tcp 445), Citrix accept
We cannot map file shares on Internal2 on either the Citrix box or the NT 4.0 box. We cannot use the ICA client even though a similar rule from the outside works. I have another service that does work called funkproxy (similar to VNC). For testing purposes I allow ping to Internal2 and it works. I can nbtstat to the boxes in Internal2.
My logs show the packets were accepted and nothing dropped except with Win2k where nbsessions at first are accepted then a Rule ) rejection with a message SYNDefender warning: SYN -> SYN-ACK -> RST.
Anyone have a solution or at least some further things to check.
Regards,
Richard Chase
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
