
Re: [FW1] NAT fails on adhoc basis - Anybody encountered this before ?



There is a method to correct this. However, not available to me at this
very moment.  Will post it tomorrow.

> Dan Hitchcock wrote:
> 
> I have also seen this happen when using automatic NAT rules - the
> firewall is NATting fine, then suddenly, with no explanation, private
> addresses start leaking to the public network.  Nothing in the
> firewall logs, nothing in fwd.elg, the NAT xlate state tables aren't
> full, fw ctl pstat looks fine, etc etc.
> 
> The fix has been to create manual NAT rules in the address translation
> rulebase rather than automatic NAT rules on the objects themselves.
> 
> BTW, Hey Check Point, what's up with this?  I've never found a
> satisfactory explanation anywhere for this, and the problem persists
> right up through 4.1SP4 (have seen it as early as 4.0SP1).
> 
> Dan Hitchcock
> CCNP, CCSE, MCSE
> Security Analyst
> Breakwater Security Associates, Inc.
> "Safe Harbor for E-Business"
> dhitchcock (at) breakwatersecurity (dot) com
> http://www.breakwatersecurity.com
> 
> The information contained in this email message may be privileged,
> confidential and protected from disclosure.  If you are not the
> intended recipient, any dissemination, distribution or copying is
> strictly prohibited.  If you think you have received this email
> message in error, please email the sender at
> [email protected]
> 
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Tuesday, September 04, 2001 2:56 AM
> To: Siow Yun Patricia
> Cc: [email protected]
> Subject: Re: [FW1] NAT fails on adhoc basis - Anybody encountered this before ?
> 
> do you have any "halloc failed blah blah" in your fwd.elg?
> 
>       maybe you run out of kernel memory, you can try to increase fwhmem
>       in /etc/system as shown:
> 
>       set fw:fwhmem=0x900000
> 
>       this number is calculated for my config, I think there is a
>       phoneboy article covering this issue.
> 
>           Raúl.
> 
> Siow Yun Patricia <[email protected]>@lists.us.checkpoint.com
> on 03/09/2001 05:59:24
> 
>       Sent by: [email protected]
> 
>       From:    Siow Yun Patricia <[email protected]>@lists.us.checkpoint.com
>       To:
>       Cc:
>       Bcc:
>       Date:    03/09/2001 05:59
>       Subject: [FW1] NAT fails on adhoc basis - Anybody encountered this before ?
> 
>       Hi all !
> 
>       Have any administrators encountered this problem before ?
> 
>       Setup :
>       Checkpoint 4.1 sp4 on a pair of Sun Ultra 10s Solaris 7. Implements
>       stonebeat fullcluster for HA and load balancing solution.
>       Implements VPN with use of SecuRemote.
> 
>       Problem :
>       NAT fails without reason on an adhoc basis.
>       Noticed that after pushing out the same policy with minor changes
>       to the firewall many times (during testing).  NAT fails to work
>       even though it has previously worked before. What's odd is that
>       after creating a new rulebase and creating a set of rules and NAT
>       exactly the same as before. Pushed it out to the nodes again. NAT
>       works.
> 
>       Are there any state files or config files to remove and check
>       without the need to re-create a new policy every time ?
> 
>       Thanks in advance.
> 
>       Rgds,
>       Patricia
> 
> 
> ================================================================================
> 
>            To unsubscribe from this mailing list, please see the
>       instructions at
>                      http://www.checkpoint.com/services/mailing.html
> 
> ================================================================================
> 

-- 
Juan Concepcion
Network Security Engineer
CCSA CCSE
[email protected]


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
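
Added example, not part of the original thread: Dan Hitchcock's reply says the leak leaves nothing in the firewall logs, so an independent check is to capture on the outside segment and flag packets whose source address is still in RFC 1918 space. The input format (`tcpdump -n` text lines), the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# RFC 1918 ranges; a source in these on the public side means NAT was skipped.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# `tcpdump -n` IPv4 line: "<time> IP <src>[.<port>] > <dst>[.<port>]: ..."
# The port suffix is optional because ICMP lines carry none.
LINE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
                  r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def find_leaks(lines):
    """Group untranslated packets (private source, public destination)
    by source address with a count, first/last timestamp and destinations."""
    leaks = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "dsts": set()})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an IPv4 packet line
        try:
            if not is_private(m["src"]) or is_private(m["dst"]):
                continue  # translated, or internal-to-internal traffic
        except ValueError:
            continue  # malformed address such as an octet above 255
        rec = leaks[m["src"]]
        rec["count"] += 1
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
        rec["dsts"].add(m["dst"])
    return dict(leaks)

# Constructed sample capture from the external interface (not real traffic).
SAMPLE = """\
09:14:01.100001 IP 203.0.113.10.40211 > 198.51.100.7.80: Flags [S], length 0
09:14:02.200002 IP 10.1.1.5.1025 > 198.51.100.7.80: Flags [S], length 0
09:14:02.900003 IP 10.1.1.5.1026 > 198.51.100.9.443: Flags [S], length 0
09:14:03.300004 IP 192.168.20.8 > 198.51.100.7: ICMP echo request, length 64
09:14:04.000005 IP 172.32.0.1.53 > 198.51.100.7.53: 1+ A? example.com. (29)
""".splitlines()

if __name__ == "__main__":
    for src, rec in sorted(find_leaks(SAMPLE).items()):
        print(src, rec["count"], rec["first"], rec["last"], sorted(rec["dsts"]))
```

The first and last timestamps per source give a window to compare against policy install times, which is the trigger the original poster describes.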



 
   All contents © 2004 Network Presence, LLC. All rights reserved.