
RE: [FW1] NAT fails on adhoc basis - Anybody encountered this before ?




I have also seen this happen when using automatic NAT rules - the firewall is NATting fine, then suddenly, with no explanation, private addresses start leaking to the public network.  Nothing in the firewall logs, nothing in fwd.elg, the NAT xlate state tables aren't full, fw ctl pstat looks fine, etc etc.

The fix has been to create manual NAT rules in the address translation rulebase rather than automatic NAT rules on the objects themselves.

BTW, Hey Check Point, what's up with this?  I've never found a satisfactory explanation anywhere for this, and the problem persists right up through 4.1SP4 (have seen it as early as 4.0SP1).

Dan Hitchcock
CCNP, CCSE, MCSE
Security Analyst
Breakwater Security Associates, Inc.
"Safe Harbor for E-Business"
dhitchcock (at) breakwatersecurity (dot) com
http://www.breakwatersecurity.com


-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, September 04, 2001 2:56 AM
To: Siow Yun Patricia
Cc: [email protected]
Subject: Re: [FW1] NAT fails on adhoc basis - Anybody encountered this before ?




Do you have any "halloc failed blah blah" in your fwd.elg?

      Maybe you run out of kernel memory; you can try to increase fwhmem
      in /etc/system as shown:

      set fw:fwhmem=0x900000

      This number is calculated for my config. I think there is a phoneboy
      article covering this issue.

          Raúl.




Siow Yun Patricia <[email protected]>@lists.us.checkpoint.com on 03/09/2001 05:59:24

      Sent by: [email protected]

      From:    Siow Yun Patricia <[email protected]>@lists.us.checkpoint.com
      To:
      Cc:
      Bcc:
      Date:    03/09/2001 05:59
      Subject: [FW1] NAT fails on adhoc basis - Anybody encountered this before ?







      Hi all !

      Have any administrators encountered this problem before ?

      Setup :
      Checkpoint 4.1 sp4 on a pair of Sun Ultra 10s, Solaris 7. Implements
      stonebeat fullcluster for HA and load balancing solution. Implements
      VPN with use of SecuRemote.

      Problem :
      NAT fails without reason on an ad hoc basis.
      Noticed that after pushing out the same policy with minor changes to
      the firewall many times (during testing), NAT fails to work even
      though it has previously worked before. What's odd is that after
      creating a new rulebase and creating a set of rules and NAT exactly
      the same as before, then pushing it out to the nodes again, NAT works.

      Are there any state files or config files to remove and check without
      the need to re-create a new policy every time ?

      Thanks in advance.

      Rgds,
      Patricia



      ================================================================================

           To unsubscribe from this mailing list, please see the
      instructions at
                     http://www.checkpoint.com/services/mailing.html
      ================================================================================
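
An independent check for the symptom reported in this thread (private addresses reaching the public network while the firewall logs show nothing), as an added example that is not part of the original messages: it scans `tcpdump -n` style lines captured on the external interface and counts packets whose source is still an RFC 1918 address. The sample lines, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 ranges: these must never be seen as a source on the public side.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "src[.port] > dst[.port]:" as printed by `tcpdump -n` (IPv4 only).
# The port is optional because ICMP lines carry bare addresses.
FLOW_RE = re.compile(r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)? > "
                     r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)?:")

# Constructed sample capture from the external interface (documentation addresses).
SAMPLE = """\
12:01:07.100001 203.0.113.10.1045 > 198.51.100.7.80: S 1:1(0) win 8760
12:01:09.200002 10.1.1.20.1046 > 198.51.100.7.80: S 5:5(0) win 8760
12:01:09.900003 10.1.1.20.1046 > 198.51.100.7.80: S 5:5(0) win 8760
12:01:11.300004 192.168.5.9 > 198.51.100.7: icmp: echo request
12:01:12.400005 198.51.100.7.80 > 203.0.113.10.1045: S 9:9(0) ack 2 win 8760
12:01:13.500006 arp who-has 203.0.113.1 tell 203.0.113.10
12:01:14.600007 172.32.0.5.2000 > 198.51.100.7.25: S 3:3(0) win 8760
""".splitlines()


def is_private(addr):
    """True if addr falls inside one of the RFC 1918 ranges."""
    return any(addr in net for net in PRIVATE_NETS)


def find_leaks(lines):
    """Count packets per untranslated (RFC 1918) source address."""
    leaks = Counter()
    for line in lines:
        m = FLOW_RE.search(line)
        if m is None:
            continue  # ARP and other lines without an IPv4 flow
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # not a valid IPv4 address (e.g. octet > 255)
        if is_private(src):
            leaks[str(src)] += 1
    return leaks


if __name__ == "__main__":
    for src, count in find_leaks(SAMPLE).most_common():
        print(f"untranslated source {src}: {count} packet(s)")
```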











 
   All contents © 2004 Network Presence, LLC. All rights reserved.