
[FW-1] Problem after upgrading 4.1 to NG FP3



Hi all,

I'm going to upgrade our FW CP 4.1 SP5 to the new release CP NG FP3. At this
time I am running our production FW with the old version 4.1 and have set up a
second one with NG to test whether everything is working well.
Now I have some problems.

1. Problem
I have a webserver in the DMZ with a private 192.168.x.x address that is
translated to its public address by the FW.
The Security Rule on the 4.1 FW is:

from      to                  service         action
any    Webserver(public)       http           accept

NAT Rule is:

from                 to                  translated from            translated to
any                  Webserver(public)   original                   Webserver(private) Static
Webserver(private)   any                 Webserver(public) Static   original


This is working well on the 4.1 FW. If I do the same on NG FP3, I get a
message in the browser that tries to access this server that says 'Error
FW-1 at dle-ger-fw01: Access denied.'
The log file tells me the following.
 Number:                24712
Date:                   17Feb2003
Time:                   13:20:23
Product:                VPN-1 & FireWall-1
Interface:              daemon
Origin:                 Firewall address
Type:                   Log
Action:                 Reject
Service:                http
Source:                 Browser CLient in the internet
Destination:            Webserver (private)
Protocol:               tcp
Rule:                   45
Source Port:            2574
Information:            resource: http://Webserver(private):80/
                reason: Content Security - access denied.

If I now change the rule to accept access to the public and the private
address of the webserver, it is working.
Can anybody tell me something about the reason for this difference, or how I can
change it so that it works the same way as on 4.1?


2. Problem
I am running an SMTP relay in the DMZ with a private 192.168.x.x address
that is translated to its public address by the FW.
The Security Rule on the 4.1 FW is:

from      to                  service         action
any    Mailserver(public)       smtp           accept

NAT Rule is:

from                  to                   translated from             translated to
any                   Mailserver(public)   original                    Mailserver(private) Static
Mailserver(private)   any                  Mailserver(public) Static   original

This is running well on CP 4.1, and I can directly access the mailserver via
SMTP.

If I have the same configuration on the CP NG FP3 FW and I try to connect
with telnet on port 25 to the mailserver, then I'm not connected to the
mailserver; instead I get a connection to the Check Point Secure SMTP
Server.
How can I change it to the same functionality as on CP 4.1?

best regards,

Stefan Fritze

   All contents © 2004 Network Presence, LLC. All rights reserved.