On 8/3/07, cisco4ng <[EMAIL PROTECTED]> wrote: > > > However, if I do "cpstop;cpstart" on the > SPLAT enforcement module, hosts residing on > the External network CAN NOT ping host > 129.174.1.12. Several attempts to push > the policy did not sovle it. When > I do "fw ctl arp" on the SPLAT box, I see > this:
Do you see the icmp request arriving on the external interface of the firewall? tcpdump -ni ext-int-name icmp If not, is the fw responding to the arp request from your upstream router: tcpdump -ni ext-int-name arp If you see the icmp packet arriving on you fw's external interface then start a tcpdump on the internal network to see if the fw puts the icmp request on the local lan. Come back with the results of those checks. (before going into troubleshooting clusterXL issues) Br. Robby ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
