Hi,

Had a very strange and terrible problem yesterday and I would really appreciate it if someone could take their time to read this long mail and come up with a good explanation.

1) We wanted to test an IDS product outside our Checkpoint Firewall. The vendor wanted to make use of a hub as opposed to a switch, which was OK with us. This switch was located between the FW and the Border Router. We replaced it and there were no issues.

2) We wanted to test a VOIP application, which meant that we had to open a higher TCP port on our Firewall. We put a rule just above the general rule which would allow everyone to go out to the Internet. No issues.

Shortly after we completed 1) and 2), all hell broke loose. We just couldn't go out to the Internet and lost connectivity to our DMZ machines. Funnily, we could ping all the external sites and do a traceroute as well. Ports 80 and 21 were broken completely. I couldn't telnet to port 80 on any external sites.

I removed the VOIP rule and reverted back to the switch. No luck. Stopped the FW and rebooted as well. No luck. The FW logs showed no dropped traffic. When I did a snoop, it showed traffic going from us, but no return. Only a few machines which had static NAT could go out. We use HIDE NAT, which had failed completely.

After re-arranging my rules, everything was alright until I added the Cleanup rule at the very bottom. I lost Internet connectivity again.

10 hours later, I restored the entire $FWDIR/conf, database and state dir from tape and rebooted, and we were back in business.

My question is why did the FW behave like this and what could have happened. The IDS demo was cancelled and the VOIP testing couldn't be done as well.

TIA
Ragu
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
