List-
        I am currently confronted with a strange issue that I would like
to serve up for your collective input. I have been a long-time lurker on this
list, and am grateful for the many things that have been said on here
that helped me skirt many issues in the past.

I have a firewall that runs CP 4.1 SP2, which does NAT for a class C
network that sits behind the wall. The wall, of course, has one public
and one private IP. The wall is a Sun Netra T1 running Solaris 2.7.
So with that as the background...
This wall has been running fine for the last few months without any
issues. A week ago, it developed some problems that have me baffled.
A look through the logs shows that traffic from machines behind the
wall is going out fine (in other words, when you get on a machine on
the private network and make an HTTP request for a website, I can see
the request is going out fine; snoop also confirms this), but the
traffic does not return. It appears that the NAT tables are corrupt or
have been otherwise affected. On an IPchains firewall, I know how to
check the NAT tables, but being fairly new to CheckPoint I have been
unable to determine how to do this. Any suggestions?

This wall is located at one of our remote offices, and communicates
with a management station which is located in a DMZ at our corporate
location. Between this wall and the management station are two more
firewalls, also Sun boxes running CP 4.0 SP2. NAT'ing also takes place
at our corporate offices. The only "change" that was made recently
was along the lines of a subnet mask change. In effect, we had a class
C of private IPs at corporate, and that was changed to a /21 for
need of more IPs. This change had nothing to do with the firewall at
our remote office, and aside from changing the network object that
pertained to the corporate network, no other changes were made to the
policy that has been running successfully for the last four months.
Shortly after this subnet mask change at corporate, our remote office
started to experience these issues.

To answer questions of a diagnostic nature, yes, I can still SSH into
the remote firewall, and I can make HTTP requests from the wall itself
which go through fine and are reciprocated. I cannot, however, make the 
same request from a machine BEHIND this firewall and get a response.
And yes, the logs see the request from the machine behind the firewall,
and yes, they are accepted, but no, they never get a response back from
a random website/ftp site/whatever.

I would very much appreciate any input that anyone may have on this,
because I have been through the meat grinder with Checkpoint on this,
and still no dice. I guess the upshot of the question is:
"How do I look at the NAT tables under CP, how do I fix the problem,
and can anyone suggest a reason for this behavior, and could it be
related to the subnet mask change of a totally unconnected network?"

I would value any/all input.
Thanx-

____________________________________________________Privada, Inc._______
Maxx Christopher Lobo |[EMAIL PROTECTED] | 408-577-1820 x363 | NetAdmin |
