
Re: [FW-1] Not able to ping from FW to either way



Hi Don,

I am also getting this error message while installing my policy (verifying
rules goes good).


Warning: External Interface was not set by this Loading. Please verify that
         $FWDIR/conf/external.if holds the name of your External Interface.

Installing Security Policy on localhost(Firewall) succeeded
Done.

Kindly guide,
Thanks,
Puneet.

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Don
Sent: Monday, January 14, 2002 4:44 PM
To: [email protected]
Subject: Re: [FW-1] Not able to ping from FW to either way


> I am new to Checkpoint FW, so kindly bear with me and guide me urgently..
> Problem:
>
> 1) I have two ethernet cards on my FW machine. One with Valid Internet IP and
> other LAN IP (192.168.1.1), I have all the real IPs in my network.
>
>     ISP------Router------Hubs------(E0)--FW machine--(E1)------HUB------192.168.1.134
>                            |    (Valid IP-206.x.y.z,   (LAN IP-192.168.1.1,
>                            |     255.255.255.0)         255.255.255.0)
>                            |
>                  Workstations (with Valid IPs)
>
>      I am not able to ping from 192.168.1.1 to 192.168.1.134 and vice
> versa?? Cards are responding to self ping i.e. if I ping 192.168.1.1 or
> 192.168.1.134 from the same
>      machine, I get replies from the ethernet cards !!
What is your firewall ruleset? Unless you have explicitly allowed ICMP to
and from the firewall, all such traffic will be dropped.

> 2)     I  am also not able to ping my router's valid Internet IP from my
> FW's valid Internet IP although  I have added the routes.   I  want to do
> Static NAT, I did all the steps, but when I am not able to ping the two
> machines, I guess NATing won't work.
Your network diagram is, to say the least, confusing.

Does it look something like this:

Host -- Firewall -- Router -- Internet

Host IP:              192.168.1.1.34
Firewall Internal:    192.168.1.1
Firewall External:    206.2.3.2/24 (Just an example)
Router Internal:      206.2.3.1/24 (Just an example)
Router external:      a.b.c.d/30

The router should have a default route through its serial interface.

The firewall should have a default route through 206.2.3.1.

The hosts on the internal network should have a default route through
192.168.1.1.

You should be running hide-mode NAT on the firewall for the internal
network.

Unless you have a specific rule on your firewall, you will not be able to
ping to or from the firewall while it is running.

-Don

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================




 
   All contents © 2004 Network Presence, LLC. All rights reserved.