Dear All,
The firewall stopped working altogether- in case we enable hide
NAT for any object.
In case we managed with all static NATs the firewall
worked for 1 day after which it has become non functional.
We also analysed that if we enable logs in any of the rules it
clogs log with its junk entries to non existant IPs showed as
destination.
We have also analysed some "code red "documents and suspect the
same. Pls see if checkpoint has some patch for the firewall. Also when we remove
the machines with IIS which are behind the network , the machines with static
NAT start working again. So this is strongly suspected.
Event viewer system log shows :
FW1:
FW-1: halloc: unable to allocate 68 bytes
FW1: FW-1:
fw_xlate_forw: failed to initialize the connection
From phone boy we did get one query (top one) which says that
PCs behind NAT might have got infected by some Trojan Horse
program.
Kindly suggest some possible soution on urgent basis.