
[FW1] DHCP client and CheckPoint Firewall-1



Hi, all

We have two CheckPoint Firewall-1 systems (4.0 SP5 with Solaris 2.6 on Ultra station 2) that fail over to each other through StoneBeat v3.0 with NT 4.0. Internal PC users with DHCP client enabled access the Internet through our proxy server, which sits in our DMZ zone. So every hit from internal users to the proxy server has to pass through our CheckPoint Firewall-1, and it works fine. Now I got a request from several users who need to test accessing a web server directly without the proxy server. In the rule set, I appended a rule after the proxy server access rule:

    Source              Destination      Service    Action    Track      Install On
1.  internal_network    ProxyServers     http       accept    account    gateway
2.  test_users          test_web_site    http       accept    account    gateway

When the browsers of these DHCP client test users access that particular web server directly on the Internet, the Firewall-1 log shows the connection is accepted according to rule 2, but after a while the browsers say there is no response from the web server, with the message "connect: contacting web server". The interesting thing is that some of the test users' PCs have static IP addresses, and their browsers do get a response from the web server directly without the proxy server. As a test myself, I changed my NT PC and my HP-UX workstation to DHCP clients and I couldn't access that web server, but once I converted my NT PC and HP-UX workstation back to static IP addresses I could access the web server directly without the proxy server, no problem. By the way, all the DHCP clients access the Internet through the proxy server without problem. Now I am wondering whether I need to change the order of the above two rules so rule 2 is examined first, but then why can boxes with static IP addresses access the web server with no problem under rule 2? Does anyone have any idea? Thanks in advance.

Ryan Jiang
Senior UNIX administrator
Liz Claiborne, Inc.


   All contents © 2004 Network Presence, LLC. All rights reserved.