
Re: [FW1] NAT fails on adhoc basis - Anybody encountered this before ?



Same here.  Have to add a NAT rule in addition to or
instead of the one created automatically.

Chris
--- Juan Concepcion <[email protected]> wrote:
> 
> There is a method to correct this. However, not available to me at this
> very moment.  Will post it tomorrow.
> 
> > Dan Hitchcock wrote:
> > 
> > I have also seen this happen when using automatic NAT rules - the
> > firewall is NATting fine, then suddenly, with no explanation, private
> > addresses start leaking to the public network.  Nothing in the
> > firewall logs, nothing in fwd.elg, the NAT xlate state tables aren't
> > full, fw ctl pstat looks fine, etc etc.
> > 
> > The fix has been to create manual NAT rules in the address translation
> > rulebase rather than automatic NAT rules on the objects themselves.
> > 
> > BTW, Hey Check Point, what's up with this?  I've never found a
> > satisfactory explanation anywhere for this, and the problem persists
> > right up through 4.1SP4 (have seen it as early as 4.0SP1).
> > 
> > Dan Hitchcock
> > CCNP, CCSE, MCSE
> > Security Analyst
> > Breakwater Security Associates, Inc.
> > "Safe Harbor for E-Business"
> > dhitchcock (at) breakwatersecurity (dot) com
> > http://www.breakwatersecurity.com
> > 
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]]
> > Sent: Tuesday, September 04, 2001 2:56 AM
> > To: Siow Yun Patricia
> > Cc: [email protected]
> > Subject: Re: [FW1] NAT fails on adhoc basis - Anybody encountered this before ?
> > 
> > do you have any "halloc failed blah blah" in your fwd.elg?
> > 
> >       maybe you run out of kernel memory, you can try to increase
> >       fwhmem on /etc/system as shown:
> > 
> >       set fw:fwhmem=0x900000
> > 
> >       this number is calculated for my config, i think there is a
> >       phoneboy article covering this issue.
> > 
> >           Raúl.
> > 
> > Siow Yun Patricia <[email protected]>@lists.us.checkpoint.com
> > on 03/09/2001 05:59:24
> > 
> >       Sent by: [email protected]
> > 
> >       From:    Siow Yun Patricia <[email protected]>@lists.us.checkpoint.com
> >       Date:    03/09/2001 05:59
> >       Subject: [FW1] NAT fails on adhoc basis - Anybody encountered this before ?
> > 
> >       Hi all !
> > 
> >       Have any administrators encountered this problem before ?
> > 
> >       Setup :
> >       Checkpoint 4.1 sp4 on pair of Sun Ultra 10s Solaris 7. Implements
> >       stonebeat fullcluster for HA and load balancing solution.
> >       Implements VPN with use of SecuRemote.
> > 
> >       Problem :
> >       NAT fails without reason adhoc basis.
> >       Noticed that after pushing out the same policy with minor changes
> >       to the firewall many times (during testing).  NAT fails to work
> >       even though it has previously worked before. What's odd is that
> >       after creating a new rulebase and creating a set of rules and NAT
> >       exactly the same as before. Pushed it out to the nodes again.
> >       NAT works.
> > 
> >       Are there any state files or config files to remove and check
> >       without the need to re-create a new policy every time ?
> > 
> >       Thanks in advance.
> > 
> >       Rgds,
> >       Patricia
> > 
> 
> -- 
> Juan Concepcion
> Network Security Engineer
> CCSA CCSE
> [email protected]
> 
=== message truncated ===



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
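
Added example, not part of the original thread or any poster's code: because the posters report that nothing shows up in the firewall logs or fwd.elg when private addresses leak, an independent check is to scan a capture taken on the external side of the firewall for packets whose source is still an RFC 1918 address. The `tcpdump -n` style line format, the sample lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also match
# documentation ranges such as 192.0.2.0/24, used as "public" samples below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed input: "<time> IP <src>[.port] > <dst>[.port]: ..." (tcpdump -n style)
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # malformed address in the capture text
        return False
    return any(ip in net for net in RFC1918)

def find_nat_leaks(lines):
    """Return (timestamp, src, dst) for each packet whose source is still a
    private address, i.e. it reached the external side untranslated."""
    leaks = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and is_rfc1918(m.group("src")):
            leaks.append((m.group("ts"), m.group("src"), m.group("dst")))
    return leaks

def leaks_by_source(leaks):
    """Count leaked packets per internal host, to see whose NAT stopped working."""
    return Counter(src for _, src, _ in leaks)

# Constructed sample capture from the external interface (not real traffic).
SAMPLE = """\
10:15:01.100 IP 192.0.2.10.34512 > 198.51.100.7.80: Flags [S]
10:15:02.200 IP 10.1.1.20.34513 > 198.51.100.7.80: Flags [S]
10:15:03.300 IP 198.51.100.7.80 > 192.0.2.10.34512: Flags [S.]
10:15:04.400 IP 172.16.5.9 > 198.51.100.7: ICMP echo request
10:15:05.500 IP 10.1.1.20.34514 > 198.51.100.7.443: Flags [S]
10:15:06.600 ARP, Request who-has 192.0.2.1 tell 192.0.2.10
""".splitlines()

if __name__ == "__main__":
    found = find_nat_leaks(SAMPLE)
    for ts, src, dst in found:
        print(f"{ts} untranslated source {src} -> {dst}")
    print(dict(leaks_by_source(found)))
```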



 