Hey guys, I've got an interesting problem. We have a couple R65 firewalls in a back-to-back configuration. E.g.: Internal_Net -> FW1 -> DMZ -> FW2 -> External_Net

I have a device on my internal network that needs to connect to servers on the Internet and send data via TCP:10061. This worked for a few days and was logged correctly by the firewall but then stopped mysteriously. I can confirm that no network / firewall changes were made during this time.

SmartView Tracker will show no entries for this traffic and the destination hosts can confirm that no data is being sent from us. An fw monitor -e "accept src=<network device>;" will also show no results for this traffic. However, a tcpdump on the entry and exit interfaces of both firewalls shows traffic from the source device flowing through the firewalls using the designated port and protocol. Additionally, an fw tab -t connections -u shows the connections for this device on both firewalls.

I have tried the obvious re-installation of policies, rebooting of firewalls, and clearing of the entries in the connections table for the src ip of the network device.

My questions are:
1) Why would tcpdump show traffic, but fw monitor returns no results?
2) Any idea why it would work for a couple days and then stop working altogether?

I'm thinking that it must have something to do with the TCP session timeouts for this protocol or the type of connection that is established from this network device.

Any ideas guys?

regards,
-sm
