More info to add to the confusion... Telnet doesn't work either. A sniff outside the firewall does not see ANY traffic from the firewall at all. Trying the same tests with a rulebase with a single "any any any accept" rule is no different so it doesn't appear to be related to the rules either. It seems like it should be a routing issue but I can't see how it can be...
Help please.....

Damo

> Hi again all,
>
> After completely rebuilding my SecurePlatform FP3 and rulebase to fix my
> authentication problems (it DID fix them by the way) I have just gone to
> test traffic directly passing through the firewall and it appears to not be
> working if there is a NAT involved.
>
> For web browsing I access a proxy server on my DMZ without NAT and it
> accesses the Internet without a NAT. This works fine. But when I try FTP
> or NNTP to a host directly I see the entry in the log accepting the
> connection, but the applications come back saying connection failed. Just
> like Mayooran I see the correct TX address in the log as well (my two
> separate internal networks are both hiding behind the firewall's external
> address) but nothing further. Strangely, a traceroute through the firewall
> works as it should...
>
> I am fairly sure I have this set up exactly as I did in FP2 and it worked
> fine there so is there something extra in FP3 that I need to do? I would be
> sooo happy to get everything to work on this platform at one time...........
>
> Routes are correct including default route on the firewall (otherwise the
> web proxy wouldn't work either) and antispoofing is set up correctly with the
> groups of networks on each interface assigned to that interface and the
> external interface set to "external". The access list on the external
> router is not to blame either as I have tested with it removed.
>
> Does anyone have any ideas of other things I can check? It seems to be a
> most peculiar problem.
>
> thanks in advance,
>
> Damien
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
