Title: big trouble with NG

hi everybody,



i'm in really big trouble using fw1 ng (base/hf1/hf2)



my fw1 management station is connected to two fw1-modules running StoneBeat HA on Solaris.



                            FW-M
                              !
                              !
                             HUB
                             / \
                            /   \
                           /     \
                          FW1----FW2  STONEBEAT-LINK BETWEEN FW1 AND FW2
                           !      :
                           !      :
                           !      :
                         -------------------------   LAN
                                        !
                                        !
                                     FW-GUI-Client



FW-M (Firewall management) is using fw1 and fw2 as default router. When FW1 is up and FW-M tries to talk to FW2, FW2 should send an ICMP redirect which says "please use fw1 as router".



that's fine.



but: this packet is dropped by the firewall on FW2



logentry:   icmp-type 5 icmp-code 1 message_info ICMP packet out of state

rule:       no entry, not even rule zero





global properties:  accept outgoing packet origination from gateway  is first



it could be something like the old "unknown established tcp packet" problem, but the fix for 4.1 does not work for NG, because there is no ALLOW_NON_SYN_RULEBASE_MATCH in fwui_head.def





best regards



walter nordmann, cards engineering, germany
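The "ICMP packet out of state" verdict in the log above is what a stateful engine produces when an ICMP error (here type 5 code 1, redirect for host) does not quote a datagram it already has in its connection table. The following is an added example, not code from the post or from Check Point: it models that check in Python on constructed sample traffic (addresses 10.0.0.10 for FW-M, 10.0.0.2 for FW2, 10.0.0.1 for FW1 and 192.168.1.20 as destination are assumptions) and shows the same redirect being accepted as related when the triggering packet was recorded and dropped when it was not.

```python
import struct
import socket

ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}  # ICMP errors that quote the offending datagram (RFC 792)

def build_ipv4(src, dst, proto, payload):
    # Minimal 20-byte IPv4 header; checksum left zero because this is constructed sample traffic
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def build_redirect(new_gateway, triggering_pkt):
    # ICMP type 5 code 1 (redirect for host): gateway address, then the quoted IP header + 8 bytes
    return struct.pack("!BBH4s", 5, 1, 0, socket.inet_aton(new_gateway)) + triggering_pkt[:28]

def parse_ipv4(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[9], socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[ihl:]

def flow_key(pkt):
    # (proto, src, sport, dst, dport); ports are zero for anything but TCP/UDP
    proto, src, dst, payload = parse_ipv4(pkt)
    sport, dport = struct.unpack("!HH", payload[:4]) if proto in (6, 17) else (0, 0)
    return (proto, src, sport, dst, dport)

class StateTable:
    def __init__(self):
        self.flows = set()
    def record(self, pkt):
        self.flows.add(flow_key(pkt))
    def verdict(self, icmp_pkt):
        # An ICMP error is "related" only if the datagram it quotes matches a tracked flow
        proto, _, _, payload = parse_ipv4(icmp_pkt)
        if proto != 1 or payload[0] not in ICMP_ERROR_TYPES:
            return "not an ICMP error"
        if flow_key(payload[8:]) in self.flows:  # quoted datagram follows the 8-byte ICMP header
            return "accept: related to tracked flow"
        return "drop: icmp-type %d icmp-code %d ICMP packet out of state" % (payload[0], payload[1])

# Constructed scenario mirroring the post: FW-M (10.0.0.10) sends a SYN to 192.168.1.20:443
# through FW2 (10.0.0.2), and FW2 answers with a redirect pointing at FW1 (10.0.0.1).
TCP_SYN = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
SYN_PKT = build_ipv4("10.0.0.10", "192.168.1.20", 6, TCP_SYN)
REDIRECT_PKT = build_ipv4("10.0.0.2", "10.0.0.10", 1, build_redirect("10.0.0.1", SYN_PKT))

def demo(trigger_was_recorded):
    table = StateTable()
    if trigger_was_recorded:
        table.record(SYN_PKT)
    return table.verdict(REDIRECT_PKT)
```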
