Is the Smart Defense sequence verification checked? If so turn off TCP sequence verification and see if that fixes it.
David S. Barker Senior Security Engineer Compuquip Technologies Phone: 305.436.7272 X 1364 Fax: 305.436.9149 mailto://[EMAIL PROTECTED] 8399 NW 30th Terr, Miami, Fl 33122 Compuquip TECHNOLOGIES "Providing Solutions Since 1980" -----Original Message----- From: Mailing list for discussion of Firewall-1 on behalf of Kent Hamilton Sent: Mon 10/10/2005 12:46 PM To: [email protected] Subject: Re: [FW-1] No new sessions don't work. Pretty much nothing gets through. Everything is dropped with with out of sequence. I can't ssh from a box inside to my router outside, etc. Lindsay Hill wrote: > Every packet? Or just old sessions that the firewall doesn't know > about, since its connection table was cleared by you rebooting it? > > Sounds like the firewall is acting ok. > > After rebooting it, do new sessions work ok? > > It's one of the problems with standalone firewalls, and why many > people use clusters, with synchronisation. > > - Lindsay > > (And you did install policy after updating the firewall object, right?) > On 10/7/05, Hamilton, Kent <[EMAIL PROTECTED]> wrote: > >> I need to renumber our NG R55 system due to changes in our ISP's. >> >> We have our Management server on one of our enforcement points. I >> renumbered the box and currently have both the old and new IP on the >> external interface. I've moved the licenses over to the new IP and I tried >> removing the old IP from the firewall object and the interface. After >> rebooting every packet showed as been out of sequence in the Tracker and >> was dropped. >> >> Any help on what I'm forgetting would be greatly appreciated. >> >> ================================================= >> To set vacation, Out-Of-Office, or away messages, >> send an email to [EMAIL PROTECTED] >> in the BODY of the email add: >> set fw-1-mailinglist nomail >> ================================================= >> To unsubscribe from this mailing list, >> please see the instructions at >> http://www.checkpoint.com/services/mailing.html >> ================================================= >> If you have any questions on how to change your >> subscription options, email >> [EMAIL PROTECTED] >> ================================================= >> >> > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
