NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] NAT and Lost Connections

Title: NAT and Lost Connections
I do not have any secure web servers defined within FW-1. I was under the impression that traffic was proxied only when they were defined.
Is that not the case?
-----Original Message-----
From: Tim Holman (home) [mailto:[email protected]]
Sent: October 27, 2001 3:15 AM
To: [email protected]
Subject: Re: [FW-1] NAT and Lost Connections

Web requests will go via the secure web server component of Check Point, and in effect are proxied.
Check Point's proxy does fully not support all kinds of web traffic, especially xml, dhtml and webdav components, so I'd check what your remote user is trying to do here.
If Check Point doesn't understand or support something, it will show the connection as accepted, but then the proxy component will drop it without any warning whatsoever !
 
Tim
 
 
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Rob Michayluk
Sent: 26 October 2001 19:17
To: [email protected]
Subject: [FW-1] NAT and Lost Connections

Hello,

I am running Checkpoint 4.1 sp4 on Windows NT 4.0 sp6. I have a webserver in a DMZ that has its address translated at the firewall. The NAT is static, there is a route on the firewall and an entry in the local.arp file for the webserver such that the firewall listens on the legal address and routes traffic for the legal back to the illegal address in the DMZ. In fact, everything works as it should most of the time. The problem is that sometimes a host on the internet will attempt to connect to the webserver and it gets a connection timeout error. For the failed connection, I see a connection attempt made on the firewall and the connection is accepted, but there is no corresponding entry on the webserver. I am trying to narrow the field of investigation and I was wondering if anyone has seen this behaviour for FW-1 before.

Any information would be helpful.
Thanks!

Rob Michayluk
Computer Network Services Analyst
ACD Systems Ltd.
The Digital Imaging Company
Tel: (250) 544-6700
Fax:
[email protected]
www.ACDSYSTEMS.com




**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
Dimension Data mail system for the presence of computer viruses.

www.uk.didata.com
**********************************************************************


  
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.