|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] IPSO Default Gateway Problem
Thanks for you input to do with dns lookups. Basically there is no dns lookup going on (or shouldn't be). The default gateway is referenced by IP address (entered through voyager) and the ping or telnet session are just to IP addresses too. I guess I'm going to just have to live with it. .....or so I thought. I've just looked again at the config, and realised that the dns servers in the config aren't available from our test area. If it can't see them, it causes this delay. Even when just pinging IP's i.e. when it doesn't have to do a lookup. Removing the dns servers or putting our test one in cures the problem. Thanks (Anthony/Bill)very much for you help. Darren Lewis > Hi > > I have a very strange problem where if I put the default gateway in the > same subnet as any one of the three interfaces on my Nokia IP330 (i.e. how > you would want it!), the firewall grinds to a halt for about 20-30 seconds > when doing some network operations. I have noticed this when telnetting in > to the firewall, or doing a ping from within a serial console. The telnet > session does nothing for a while and the ping just sits there, and then > after a while both just kick into life, as if everything is completely > normal. If I remove the default gateway, everything works OK. If I > disconnect the network cable from the interface connected to the default > gateway, the ping or telnet carries on without the normal 20-30 second > delay. If I move the default gateway to a different interface the > behaviour remains, but the cable that I can disconnect to get the telnet of > ping going again changes accordingly. This affects all pings and telnets, > not just those in/out of the interface with the 'problem'. The box is a > clean install of Nokia IPSO 3.4.1-FCS11. It doesn't make any difference > whether FW1 is running or not. Any ideas at all? This has to be one of > the more bizarre problems I have seen. > > By the way, for those interested in a previous post where I managed to > corrupt the boot manager (by not doing an md5 on the image - idiot), I > managed to repair it. I connected the knackered HDD as a slave on a second > IP330, and did a manual 'dd' from the master to the slave starting at > sector 63. I was going to do it in FreeBSD, but doing it in IPSO seemed a > safer option. > > If anyone has any ideas about the gateway thing, I'd love to hear from you. > > Cheers > > Darren Lewis ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
