Try using fw stat -d -l or if it is NG use cpstat -f all fw this may give you insight on which is the external int try fw monitor "aceept ;" -m IiOo The capital I is always for incomming so you can see which int is accepting the traffic i hope you don't have a heavy firewall
Stephen B. wrote: >How should i know the external interface in a nokia box ? >I put the file external.if in $FWDIR/conf with this content: eth2c0 >(logical external interface) as it said in the phoneboy site, >but how can i see if the modification has succesfull ? > >Because i have problem to connect to firewall-1 with secure remote i made >this for debug: > >fw monitor -e "accept ((src=@secure-remote,dst=@external-firewall) or (src= >@external-firewall,dst=@secure-remote));" > >And i have this log: > >eth2c0:i[44]: @secure-remote -> @external-firewall (TCP) len=44 id=27409 >TCP: 3816 -> 264 .S.... seq=0020b349 ack=00000000 >eth2c0:I[44]: @secure-remote -> @external-firewall (TCP) len=44 id=27409 >TCP: 3816 -> 264 .S.... seq=0020b349 ack=00000000 >eth3c0:o[44]: @external-firewall -> @secure-remote (TCP) len=44 id=34388 >TCP: 264 -> 3816 .S..A. seq=25ec351a ack=0020b34a >eth3c0:O[44]: @external-firewall -> @secure-remote (TCP) len=44 id=34388 > >The ip address of the eth2c0 is @external-firewall but the firewall use the >interface eth3c0 >to respond to my secure remote user ?? Is it possible that my external >interface isn't eth2c0 ? >And after that i don't have IKE negociation ... > > >A little help should be greatly appreciated ;) > > Stephen. > >================================================= >To set vacation, Out Of Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= > > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
