You could try logging onto the console of the firewalls, see if
anything interesting is going on there. You can also run tcpdump, etc
from there, see what's happening with your traffic. "fw monitor" can
also be helpful, but it gets killed on policy install. If I was you,
I'd also change your sync network to not be on the same network as
your management. I would put it on a dedicated network - for VRRP-
only setups, you can use a crossover cable.
I'm still not quite clear about one thing - you lose connectivity
from your management station to the modules, but do they also stop
processing all traffic? Is other traffic going between other subnets
affected at all? If it's only management station, then it could be
something to do with the sync subnet, or maybe some packet that gets
broadcast that your management station doesn't like.
- Lindsay
On 2 Oct 2005, at 15:51, Marius Banica wrote:
The smartcenter is only smartcenter and log server
I install the policy on the two modules that I have and then loose
connectivity at all (also internet and telnet module1 18191)
But after couple of minutes all traffic is back to normal and no
problems there at all
And the policy is installed.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Ray
Sent: Sunday, October 02, 2005 2:30 PM
To: [email protected]
Subject: Re: [FW-1] Nokia + checkpoint Issue
Hi Marius,
Is this a new install? If so, make sure you don't have VPN-1/FW-1
checked on the SmartCenter object. You may be inadvertently installing
the security policy on the SmartCenter.
When this happens, how do you get connectivity back? That may give a
clue as to what is going on.
Ray
From: Marius Banica <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: Re: [FW-1] Nokia + checkpoint Issue
Date: Sun, 2 Oct 2005 14:33:02 +0200
All is direct connected to the same subnet
i.e. 172.16.0.0/24
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Marius
Banica
Sent: Saturday, October 01, 2005 7:25 PM
To: [email protected]
Subject: Re: [FW-1] Nokia + checkpoint Issue
when installating i loose pings, loose telnet boxip 18191 loose
everytying include internet but when dooing fw stat i see that the
policy is there i loose connectivity betwwen install the policy and 1
minute after it.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Marius
Banica
Sent: Wednesday, September 28, 2005 5:35 PM
To: [email protected]
Subject: [FW-1] Nokia + checkpoint Issue
Hello,
I have nokia ip530 running ipso 3.8.1 with checkpoint NG AI
iam using monitored circuit for the VRRP
When install the security policy I loose connectivity to the modules
and all the comm. is down
my mgmt is sitting on the LAN where the sync network is located I.e.
same subnet
any ideas?
p.s I tried all checkpoint versions from ng ai to ng ai HFA16 and
ipso
3.7
my mgmt is ng ai r55 HFA 16 on windows 2003
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
[EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email [EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
