Yupss, no firewall / network changes of any kind were made. SmartDefense in monitor mode only.
On Feb 18, 2008 7:04 PM, Arvind Teemul <[EMAIL PROTECTED]> wrote: > Sat, > > Suggestion: > Have you verifed and or undo any SmartDefense changes that might have > occurred around the time the issue surfaced? > > > Regards, > Arvind > > On Feb 18, 2008 6:35 PM, Satyam Mathura <[EMAIL PROTECTED]> wrote: > > > Hey guys, > > i've got an interesting problem. We have a couple R65 firewalls in a > back > > to > > back configuration. Eg: > > Internal_Net ->FW1->DMZ->FW2->External_Net > > > > I have a device on my internal network that needs to connect to servers > on > > the Internet and send data via TCP:10061. This worked for a few days and > > was > > logged correctly by the firewall but then stopped mysteriously. I can > > confirm that no network / firewall changes were made during this time. > > SmartView Tracker will show no entries for this traffic and the > > destination > > hosts can confirm that no data is being sent from us. > > An fw monitor -e "accept src=<network device>;" will also show no > results > > for this traffic. However, a tcpdump on the entry and exit interfaces of > > both firewalls shows traffic from the source device flowing through the > > firewalls using the designated port and protocol. Additionally an fw tab > > -t > > connections -u shows the connections for this device on both firewalls. > > I have tried the obvious re-installation of policies, rebooting of > > firewalls, clearing of the entries in the connections table for the src > ip > > of the network device. > > My questions are: > > 1) why would tcpdump show traffic, but fw monitor returns no results > > 2) any idea why it would work for a couple days and then stop working > > altogether. I'm thinking that is must have something to do with the TCP > > session timeouts for this protocol or the type of connection that is > > established from this network device. > > > > Any ideas guys? > > > > regards, > > -sm > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
