Hi,

I'm running NG FP3 and ClusterXL (multicast mode) on a Linux platform. I have something set up like this:

WAN NET1 NET2 --- FW --- BIGIP (load balancer) --- FTPD

I have a problem with active FTP. When a client connects and does a PORT command, it is silently dropped by the firewalls (one time every 2 connections). I see the FTPD sending the SYN, NATing this SYN. Then the SYN comes to the LAN interface of the firewall but never reaches the WAN interface of the firewall.

Clients are connecting to an IP in routed to the firewall then NATed. For example:

1/ Client connects to 10.10.10.1 (static NAT on the firewall)
2/ Firewall does destination NAT and sends packets to a VIP on the BIGIP (192.168.20.10)
3/ BIGIP does destination NAT and joins the FTPD (192.168.21.10)

I don't understand why the firewall is dropping the ftp-data SYN. Is there a way to look at this on the firewalls? I noticed nothing in SmartView Tracker...

Thanks in advance for your answers.

Best regards,

--
Sebastien Cantos <[EMAIL PROTECTED]>
Network / System Manager
Neopost DIVA
