> I think I have the proper rules in place to allow traffic out and inbound,
> but I cannot get past the firewall from the Server and I cannot get inbound
> to the server. Maybe it is a route that I am missing or a rule. Not sure I
> want to post my complete route to the public though.... :) Are there
> specific routes that I will have to manually configure with win 2000 to make
> it route to my valid IP within my DMZ?

No, if your interfaces are configured for the proper subnets, with the correct netmask (critical), the firewall OS should route packets to the correct interface.

> And are there different rules than normal that need to be placed to do the
> same on the checkpoint side.

No, just the usual stuff. If you are unsure about rules make them all ANY, ANY, ANY, ACCEPT, LOG and watch what happens. Your logging will tell you if your packets are arriving on the correct interface, confirming your routing is correct.

> I did create a NAT rule for the DMZ and of course I got out then, but I
> could only go out and not in. But I cannot use any kind of NAT to resolve
> this issue with VoIP.

If you have legal IP subnets attached to the interfaces you don't need NAT. You don't need to worry about ARPs because your gateway router should be sending the entire subnet to your firewall. That should be easy to determine if you have a problem there if you attempt to route to your subnet from the outside and you never see any packets arriving at your firewall external interface.

Do a traceroute from the outside and if they don't show up at your firewall call your ISP. If they do show up at your firewall be sure they pass your rulebase. If they do pass your rulebase you must have a local routing problem. See if you can ping the dmz servers from your firewall. Traceroute out from your servers and see where your packets are dying.

Hal
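
An added example, not part of the original message: it models how the firewall OS derives connected routes from each interface's address and netmask, and shows a mistyped DMZ netmask sending a DMZ server's traffic out the wrong interface. The interface names, the RFC 5737 documentation addresses and the assumption that the default route points out the external interface are all constructed for illustration.

```python
import ipaddress

# Constructed sample config (RFC 5737 documentation addresses, hypothetical names).
GOOD = {
    "external": ("203.0.113.2", "255.255.255.248"),
    "dmz": ("203.0.113.17", "255.255.255.240"),
    "internal": ("10.0.0.1", "255.255.255.0"),
}
# Same firewall with the DMZ netmask mistyped as /29 instead of /28.
BAD = dict(GOOD, dmz=("203.0.113.17", "255.255.255.248"))
DMZ_HOSTS = ["203.0.113.18", "203.0.113.26"]  # constructed DMZ server addresses


def connected_routes(interfaces):
    """Connected routes the OS derives from each interface address and netmask."""
    return {name: ipaddress.ip_interface(f"{addr}/{mask}").network
            for name, (addr, mask) in interfaces.items()}


def egress_interface(dest, interfaces, default_if="external"):
    """Longest-prefix match over connected routes, else the default-route interface."""
    dest = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, name)
               for name, net in connected_routes(interfaces).items() if dest in net]
    return max(matches)[1] if matches else default_if


def misrouted(hosts, expected_if, interfaces):
    """Hosts the firewall would forward out of an interface other than expected_if."""
    return [(h, egress_interface(h, interfaces)) for h in hosts
            if egress_interface(h, interfaces) != expected_if]


if __name__ == "__main__":
    for label, cfg in (("correct mask", GOOD), ("wrong mask", BAD)):
        print(label, misrouted(DMZ_HOSTS, "dmz", cfg) or "all DMZ hosts routed to dmz")
```

With the wrong mask, inbound packets for 203.0.113.26 pass the rulebase and are then forwarded back out the external interface, which is the "local routing problem" case that the ping from the firewall to the DMZ servers would expose.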
