On 8/3/07, cisco4ng <[EMAIL PROTECTED]> wrote: > Do you see the icmp request arriving on the external interface of the > firewall? > > YES. The firewall sees incoming icmp requests arriving at the External > interface. > > If you see the icmp packet arriving on you fw's external interface then > start a tcpdump on the internal network to see if the fw puts the icmp > request on the local lan. > > NO. The icmp traffics never made it to the Internal interface. > > As I've said before, everything works with NG-AI R55 with HFA_20. > With the same idential setup on NGx R61 with HFA_02 or NGx R65, after > performing "cpstop;cpstart", static NAT does not work. Solution is to > reboot > the firewall. > > Any ideas? Thanks
Use fw monitor to check the flow in the fw module chain: fw monitor -e 'accept [9:1]=1;' -p all + launch a ping and post the ouput together with the one of "fw ctl chain" Br. Robby ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
