We have a distributed pair of Nokia IP380s running NG AI R55. We have configured security rules to allow access from the internal network to the DMZ using UDP-20400 and return rules from the DMZ to the internal network using the same UDP port. We have also configured NAT rules from internal to DMZ and DMZ to internal.

When running tcpdumps on the internal and DMZ interfaces, we see traffic entering the internal interface and exiting the DMZ interface. We also see the return traffic on the DMZ interface but no return traffic on the internal interface. Checking in SmartView Tracker, there are entries for connections in both directions matching the rules we have implemented for this traffic; while the outward traffic to the DMZ has the Xlated destination and NAT rule listed, the return traffic does not have an Xlated address or NAT rule associated with it.

So far I've:
- Checked the objects are configured correctly, both device and service
- Checked static routes are in the enforcement modules for the destination
- Changed the position of the NAT rules so that they are at the top of the NAT policy to avoid any clashes (although I don't believe there were any anyway) with earlier rules
- Checked the Global Properties stateful inspection for UDP protocol handling
- Checked the advanced properties of the service object

Any ideas would be gratefully accepted.

Andy
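As an added example (not code from the original post, from Check Point or from Nokia), the following models what a static NAT rule should do to the request and to its reply, so that packets captured on each interface can be compared against what the rule predicts: the request is rewritten on the way to the DMZ, the DMZ host answers the rewritten packet, and the firewall must map that reply back to the original addresses before it can appear on the internal interface. All addresses, the UDP port 20400 and the helper names (NatRule, Packet, trace_flow) are constructed for illustration and are not taken from the post.

```python
# Added example, not code from the original post or from Check Point.
# A minimal model of a static NAT rule and the reverse translation a
# stateful firewall must apply to the reply. Addresses and ports are
# constructed for illustration.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class NatRule:
    """Static NAT: orig_src -> orig_dst is rewritten to xlated_src -> xlated_dst
    on the forward path; the reply must be rewritten back automatically."""
    orig_src: str
    orig_dst: str
    proto: str
    dport: int
    xlated_src: str
    xlated_dst: str


def matches_forward(rule: NatRule, pkt: Packet) -> bool:
    return (pkt.proto == rule.proto and pkt.dport == rule.dport
            and pkt.src == rule.orig_src and pkt.dst == rule.orig_dst)


def translate_forward(rule: NatRule, pkt: Packet) -> Packet:
    # What should leave the DMZ interface after translation.
    return Packet(rule.xlated_src, rule.xlated_dst, pkt.proto, pkt.sport, pkt.dport)


def expected_reply(translated: Packet) -> Packet:
    # What the DMZ host sends back: addresses and ports swapped.
    return Packet(translated.dst, translated.src, translated.proto,
                  translated.dport, translated.sport)


def untranslate_reply(rule: NatRule, reply: Packet) -> Optional[Packet]:
    # Reverse translation. A reply that is not from xlated_dst to xlated_src
    # on the rule's service does not belong to this connection and cannot be
    # mapped back, so nothing would reach the internal interface for it.
    if reply.src != rule.xlated_dst or reply.dst != rule.xlated_src:
        return None
    if reply.proto != rule.proto or reply.sport != rule.dport:
        return None
    return Packet(rule.orig_dst, rule.orig_src, reply.proto, reply.sport, reply.dport)


def trace_flow(rule: NatRule, outbound: Packet, reply_seen: Packet) -> dict:
    """Walk one request/reply pair through the rule and report what each
    interface should carry, so a capture can be compared with the model."""
    if not matches_forward(rule, outbound):
        return {"forward_matched": False}
    on_dmz = translate_forward(rule, outbound)
    should_come_back = expected_reply(on_dmz)
    return {
        "forward_matched": True,
        "dmz_interface_sees": on_dmz,
        "reply_expected_on_dmz": should_come_back,
        "reply_matches_expected": reply_seen == should_come_back,
        "internal_interface_sees": untranslate_reply(rule, reply_seen),
    }


# Constructed sample data: an internal host talks to the DMZ server via the
# address 172.16.0.20, which the rule rewrites to the server's real 192.168.5.20.
RULE = NatRule(orig_src="10.1.1.10", orig_dst="172.16.0.20", proto="udp",
               dport=20400, xlated_src="10.1.1.10", xlated_dst="192.168.5.20")
OUTBOUND = Packet("10.1.1.10", "172.16.0.20", "udp", 45000, 20400)
GOOD_REPLY = Packet("192.168.5.20", "10.1.1.10", "udp", 20400, 45000)
# A reply from a different DMZ host cannot be mapped back to the connection.
STRAY_REPLY = Packet("192.168.5.21", "10.1.1.10", "udp", 20400, 45000)

if __name__ == "__main__":
    for name, reply in (("good reply", GOOD_REPLY), ("stray reply", STRAY_REPLY)):
        print(name, trace_flow(RULE, OUTBOUND, reply))
```

The point of the model is the last field: if the reply captured on the DMZ interface is not the exact mirror of the translated request, the reverse translation has nothing to match, and the internal interface will show no packet for it.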
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
