Take a look at the ARP table on the enforcement module via a console cable
right before and after a policy push and see if there's a difference.
Are you rematching existing connections on a policy install or dropping
them?
Ray
From: Marius Banica <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: Re: [FW-1] Nokia + checkpoint Issue
Date: Mon, 3 Oct 2005 14:41:54 +0200
Not new install,
Imported it from FP3 which had the same problem.
The connecttivity gets back by itself... Strange :-)
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Ray
Sent: Sunday, October 02, 2005 2:30 PM
To: [email protected]
Subject: Re: [FW-1] Nokia + checkpoint Issue
Hi Marius,
Is this a new install? If so, make sure you don't have VPN-1/FW-1
checked on the SmartCenter object. You may be inadvertently installing
the security policy on the SmartCenter.
When this happens, how do you get connectivity back? That may give a
clue as to what is going on.
Ray
>From: Marius Banica <[EMAIL PROTECTED]>
>Reply-To: Mailing list for discussion of Firewall-1
><[email protected]>
>To: [email protected]
>Subject: Re: [FW-1] Nokia + checkpoint Issue
>Date: Sun, 2 Oct 2005 14:33:02 +0200
>
>All is direct connected to the same subnet
>
>i.e. 172.16.0.0/24
>
>-----Original Message-----
>From: Mailing list for discussion of Firewall-1
>[mailto:[EMAIL PROTECTED] On Behalf Of Marius
>Banica
>Sent: Saturday, October 01, 2005 7:25 PM
>To: [email protected]
>Subject: Re: [FW-1] Nokia + checkpoint Issue
>
>when installating i loose pings, loose telnet boxip 18191 loose
>everytying include internet but when dooing fw stat i see that the
>policy is there i loose connectivity betwwen install the policy and 1
minute after it.
>-----Original Message-----
>From: Mailing list for discussion of Firewall-1
>[mailto:[EMAIL PROTECTED] On Behalf Of Marius
>Banica
>Sent: Wednesday, September 28, 2005 5:35 PM
>To: [email protected]
>Subject: [FW-1] Nokia + checkpoint Issue
>
>Hello,
>
>I have nokia ip530 running ipso 3.8.1 with checkpoint NG AI
>
>iam using monitored circuit for the VRRP
>
>When install the security policy I loose connectivity to the modules
>and all the comm. is down
>
>my mgmt is sitting on the LAN where the sync network is located I.e.
>same subnet
>
>any ideas?
>
>p.s I tried all checkpoint versions from ng ai to ng ai HFA16 and ipso
>3.7
>
>my mgmt is ng ai r55 HFA 16 on windows 2003
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
[EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email [EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
