Any drops on rule 995 or 997? If so, see "Active Directory Replication fails
through VPN-1/FireWall-1 NG with Application Intelligence R55 after installing
Windows 2003 Service Pack 1" (Solution ID: #sk30784).

It's got to do with a DCE-RPC issue and doesn't mention SmartDefense.
Ray
From: Tony Pombo <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
To: [email protected]
Subject: [FW-1] Windows 2003 SP1 Domain Controllers
Date: Wed, 17 Aug 2005 17:45:44 -0400
I have two Windows 2003 SP1 Domain Controllers at different sites on the
Internet. Both sides are protected by CheckPoint FW-1 R55W. There is a
site-to-site VPN between the sites. The rules are configured to allow all
traffic between sites.
Problem #1 (fixed):
The domain controllers cannot replicate Active Directory information between
them. The firewall's SmartDefense is rejecting the packets. I avoided this
by setting MS-RPC SmartDefense to "monitor only".

Problem #2:
Many packets sent between the domain controllers are dropped by the firewall
for: "TCP packet out of state: First packet isn't SYN tcp_flags: ACK". I
cannot get the domain controllers to replicate, and my AD tools indicate a
communications issue.
Any ideas?
-----------------------------------------------
Tony Pombo
Systems and Security Architect
Edict Systems, Inc.
937-429-4288 x279
[EMAIL PROTECTED]
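A small log-triage script, added here and not part of the thread, that answers Ray's question over a constructed log export: which rule numbers the drops between the two domain controllers land on, and which of those are the out-of-state ACK drops Tony quotes. The simplified key=value line format, the DC addresses and the rule numbers in the sample are assumptions; adapt the field names to your own FW-1 export.

```python
import re
from collections import Counter

# Constructed sample export in a simplified key=value style (not a real
# FW-1 log). The drop reason text is the one quoted in the thread; the
# addresses and rule numbers are made up for the example.
SAMPLE_LOG = """\
time="17Aug2005 17:40:01" action=drop src=10.1.0.5 dst=10.2.0.5 proto=tcp service=135 rule=997 info="TCP packet out of state: First packet isn't SYN tcp_flags: ACK"
time="17Aug2005 17:40:02" action=drop src=10.2.0.5 dst=10.1.0.5 proto=tcp service=1026 rule=995 info="TCP packet out of state: First packet isn't SYN tcp_flags: ACK"
time="17Aug2005 17:40:03" action=accept src=10.1.0.5 dst=10.2.0.5 proto=tcp service=135 rule=3
time="17Aug2005 17:40:04" action=drop src=10.1.0.5 dst=192.0.2.7 proto=tcp service=445 rule=997 info="TCP packet out of state: First packet isn't SYN tcp_flags: ACK"
time="17Aug2005 17:40:05" action=drop src=10.2.0.5 dst=10.1.0.5 proto=tcp service=135 rule=997 info="TCP packet out of state: First packet isn't SYN tcp_flags: ACK"
"""

# key=value pairs; values may be double-quoted when they contain spaces
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Split one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def drops_between(log_text, host_a, host_b):
    """Return the drop records exchanged between the two DCs, in either direction."""
    pair = {host_a, host_b}
    return [r for r in map(parse_line, log_text.splitlines())
            if r.get("action") == "drop" and {r.get("src"), r.get("dst")} == pair]

def drops_by_rule(records):
    """Count drops per rule number, i.e. 'any drops on rule 995 or 997?'."""
    return Counter(r["rule"] for r in records)

def out_of_state_acks(records):
    """Keep only out-of-state drops whose first seen packet carried ACK."""
    return [r for r in records
            if "out of state" in r.get("info", "") and "tcp_flags: ACK" in r["info"]]

if __name__ == "__main__":
    recs = drops_between(SAMPLE_LOG, "10.1.0.5", "10.2.0.5")
    print("drops per rule:", dict(drops_by_rule(recs)))
    for r in out_of_state_acks(recs):
        print(r["time"], r["src"], "->", r["dst"], "port", r["service"], "rule", r["rule"])
```

A burst of out-of-state ACK drops on the DC pair is the signature to look for; a single stray one is normal connection aging, a steady stream between two hosts that should be talking freely is not.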
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================