Re: [FW-1] NAT and Lost Connections
I do not have any secure web servers defined within FW-1. I was under the impression
that traffic was proxied only when they were defined.
Is that not the case?
Web requests will go via the secure web server component of Check Point, and in
effect are proxied.
Check Point's proxy does not fully support all kinds of web traffic,
especially xml, dhtml and webdav components, so I'd check what your remote
user is trying to do here.
If Check Point doesn't understand or support something, it will show the
connection as accepted, but then the proxy component will drop it without any
warning whatsoever!
Tim
Hello,
I am running Checkpoint 4.1 sp4 on Windows NT 4.0
sp6. I have a webserver in a DMZ that has its address translated at the
firewall. The NAT is static, there is a route on the firewall and an entry
in the local.arp file for the webserver such that the firewall listens on
the legal address and routes traffic for the legal back to the illegal
address in the DMZ. In fact, everything works as it should most of the time.
The problem is that sometimes a host on the internet will attempt to connect
to the webserver and it gets a connection timeout error. For the failed
connection, I see a connection attempt made on the firewall and the
connection is accepted, but there is no corresponding entry on the
webserver. I am trying to narrow the field of investigation and I was
wondering if anyone has seen this behaviour for FW-1 before.
Any information would be helpful.
Thanks!
Rob Michayluk
Computer Network Services Analyst
ACD Systems Ltd.
The Digital Imaging Company
Tel: (250) 544-6700
Fax:
[email protected]
www.ACDSYSTEMS.com
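One way to narrow down the symptom discussed in this thread (the firewall logs an accept, the web server logs nothing) is to correlate the two logs by source address and time. The script below is an added example, not part of the original messages; the semicolon-separated firewall export is a constructed format rather than FW-1's own, the sample lines and addresses are constructed, and both clocks are assumed to be in sync and in the same time zone.

```python
import re
from datetime import datetime, timedelta

# Constructed firewall log export (NOT FW-1's real format): time;action;src;dst;service
FW_LOG = """\
2001-06-12 10:00:01;accept;198.51.100.7;203.0.113.10;http
2001-06-12 10:00:05;accept;198.51.100.9;203.0.113.10;http
2001-06-12 10:02:30;accept;198.51.100.7;203.0.113.10;http
2001-06-12 10:03:00;drop;198.51.100.44;203.0.113.10;telnet
"""
# Constructed web server access log in Common Log Format
WEB_LOG = """\
198.51.100.7 - - [12/Jun/2001:10:00:02 +0000] "GET / HTTP/1.0" 200 1043
198.51.100.7 - - [12/Jun/2001:10:02:31 +0000] "GET /img/a.gif HTTP/1.0" 200 512
"""
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\] ]+) [^\]]+\]')

def parse_fw(text, legal_ip, service="http"):
    """Yield (time, src) for accepted connections to the translated (legal) address."""
    for line in text.splitlines():
        ts, action, src, dst, svc = line.split(";")
        if action == "accept" and dst == legal_ip and svc == service:
            yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), src

def parse_web(text):
    """Return {client_ip: [request times]} from the access log (UTC offset ignored)."""
    hits = {}
    for line in text.splitlines():
        m = CLF.match(line)
        if m:
            t = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
            hits.setdefault(m.group(1), []).append(t)
    return hits

def unmatched_accepts(fw_text, web_text, legal_ip, window_s=30):
    """Firewall accepts with no web request from the same source within window_s seconds."""
    hits = parse_web(web_text)
    window = timedelta(seconds=window_s)
    return [(t, src) for t, src in parse_fw(fw_text, legal_ip)
            if not any(abs(h - t) <= window for h in hits.get(src, []))]

if __name__ == "__main__":
    for t, src in unmatched_accepts(FW_LOG, WEB_LOG, "203.0.113.10"):
        print(f"{t} accepted at firewall, no request logged from {src}")
```

Access logs record completed requests, not TCP connections, so an unmatched accept only shows that no request was logged; a packet capture on the DMZ interface is still needed to tell whether the connection reached the web server at all.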