Try fw monitor w/o any filter, like with plain vanilla 'fw monitor -e "accept;" -o <file>'
- filtering causes some of the iIoO inspection points not to show up
- this may show the connection otherwise eloping.....
- does the connection show going thru one at least
- you need to fw monitor on the fw that is not showing you the connection
- what about the logs - do you see the connection at least in one of the fw's logs?

SmartDefense logs may also need to be verified......

hth,
rajeev

On Feb 18, 2008 8:35 PM, Satyam Mathura <[EMAIL PROTECTED]> wrote:
> Yupss, no firewall / network changes of any kind were made. SmartDefense in
> monitor mode only.
>
> On Feb 18, 2008 7:04 PM, Arvind Teemul <[EMAIL PROTECTED]> wrote:
> > Sat,
> >
> > Suggestion:
> > Have you verified and/or undone any SmartDefense changes that might have
> > occurred around the time the issue surfaced?
> >
> > Regards,
> > Arvind
> >
> > On Feb 18, 2008 6:35 PM, Satyam Mathura <[EMAIL PROTECTED]> wrote:
> > > Hey guys,
> > > I've got an interesting problem. We have a couple R65 firewalls in a
> > > back to back configuration. Eg:
> > > Internal_Net ->FW1->DMZ->FW2->External_Net
> > >
> > > I have a device on my internal network that needs to connect to servers
> > > on the Internet and send data via TCP:10061. This worked for a few days
> > > and was logged correctly by the firewall but then stopped mysteriously.
> > > I can confirm that no network / firewall changes were made during this
> > > time. SmartView Tracker will show no entries for this traffic and the
> > > destination hosts can confirm that no data is being sent from us.
> > > An fw monitor -e "accept src=<network device>;" will also show no
> > > results for this traffic. However, a tcpdump on the entry and exit
> > > interfaces of both firewalls shows traffic from the source device
> > > flowing through the firewalls using the designated port and protocol.
> > > Additionally an fw tab -t connections -u shows the connections for this
> > > device on both firewalls.
> > > I have tried the obvious re-installation of policies, rebooting of
> > > firewalls, clearing of the entries in the connections table for the src
> > > ip of the network device.
> > > My questions are:
> > > 1) why would tcpdump show traffic, but fw monitor returns no results
> > > 2) any idea why it would work for a couple days and then stop working
> > > altogether. I'm thinking that it must have something to do with the TCP
> > > session timeouts for this protocol or the type of connection that is
> > > established from this network device.
> > >
> > > Any ideas guys?
> > >
> > > regards,
> > > -sm
> > >
> > > =================================================
> > > To set vacation, Out-Of-Office, or away messages,
> > > send an email to [EMAIL PROTECTED]
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > [EMAIL PROTECTED]
> > > =================================================
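
Added example, not part of the original thread: a small parser that reads saved fw monitor text output and reports, per flow from a given source, which of the i/I/o/O inspection points never appeared, which is the check suggested in the reply above. The line layout in `LINE_RE` is assumed to follow the classic fw monitor text format, and the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout of an fw monitor text line (classic format):
#   eth1:i[60]: 10.1.1.50 -> 198.51.100.20 (TCP) len=60 id=4311
LINE_RE = re.compile(
    r"(?P<iface>[\w.\-]+):(?P<point>[iIoO])\s*\[\d+\]:\s+"
    r"(?P<src>\d+(?:\.\d+){3})\s+->\s+(?P<dst>\d+(?:\.\d+){3})\s+\((?P<proto>\w+)\)"
)
POINTS = "iIoO"  # pre-inbound, post-inbound, pre-outbound, post-outbound


def inspection_points(lines):
    """Map (src, dst, proto) -> set of inspection points where the flow appeared."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # header lines only; "TCP: sport -> dport ..." detail lines are skipped
            seen[(m["src"], m["dst"], m["proto"])].add(m["point"])
    return dict(seen)


def missing_points(lines, src):
    """Per flow from `src`, the inspection points that never appeared.
    Returns None when `src` is absent from the capture altogether."""
    flows = {k: v for k, v in inspection_points(lines).items() if k[0] == src}
    if not flows:
        return None
    return {k: [p for p in POINTS if p not in v] for k, v in flows.items()}


# Constructed sample output (addresses and ids are made up for illustration).
SAMPLE = """\
eth1:i[60]: 10.1.1.50 -> 198.51.100.20 (TCP) len=60 id=4311
TCP: 40112 -> 10061 .S.... seq=5a1f0c22 ack=00000000
eth1:I[60]: 10.1.1.50 -> 198.51.100.20 (TCP) len=60 id=4311
TCP: 40112 -> 10061 .S.... seq=5a1f0c22 ack=00000000
eth1:i[60]: 10.1.1.60 -> 198.51.100.20 (TCP) len=60 id=977
eth1:I[60]: 10.1.1.60 -> 198.51.100.20 (TCP) len=60 id=977
eth0:o[60]: 10.1.1.60 -> 198.51.100.20 (TCP) len=60 id=977
eth0:O[60]: 10.1.1.60 -> 198.51.100.20 (TCP) len=60 id=977
""".splitlines()

if __name__ == "__main__":
    for host in ("10.1.1.50", "10.1.1.60", "10.1.1.70"):
        print(host, missing_points(SAMPLE, host))
```

A result of `None` means the source never reached any inspection point in the capture, while a non-empty list shows where along the inbound/outbound chain the flow stopped being seen.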
