I had exact same problem, ended up going to NT 4 server...... I used FP2 Secure Platform, and most of it worked but FP3 was a dog.
Symon -----Original Message----- From: Damien Hart [mailto:damien.hart@;CANBERRATIMES.COM.AU] Sent: 23 October 2002 05:24 To: [EMAIL PROTECTED] Subject: Re: [FW-1] NAT rules not working under FP3 - further info More info to add to the confusion... Telnet doesn't work either. A sniff outside the firewall does not see ANY traffic from the firewall at all. Trying the same tests with a rulebase with a single "any any any accept" rule is no different so it doesn't appear to be related to the rules either. It seems like it should be a routing issue but I can't see how it can be... Help please..... Damo > Hi again all, > > After completely rebuilding my SecurePlatform FP3 and rulebase to fix > my authentication problems (it DID fix them by the way) I have just > gone to test traffic directly passing through the firewall and it > appears to not be > working if there is a NAT involved. > > For web browsing I access a proxy server on my DMZ without NAT and it > accesses the Internet without a NAT. This works fine. But when I try > FTP or NNTP to a host directly I see the entry in the log accepting > the connection, but the applications come back saying connection > failed. Just like Mayooran I see the correct TX address in the log as > well (my two seperate internal networks are both hiding behind the > firewalls external > address) but nothing further. Strangely, a traceroute through the firewall > works as it should... > > I am fairly sure I have this setup exactly as I did in FP2 and it > worked fine there so is there something extra in FP3 that I need to > do? I would be > sooo happy to get everything to work on this platform at one time........... > > Routes are correct including default route on the firewall (otherwise > the web proxy wouldn't work either) and antispoofing is setup > correctly with the > groups of networks on each interface assigned to that interface and > the external interface set to "external". The access list on the > external router is not to blame either as I have tested with it > removed. > > Does anyone have any ideas of other things I can check? It seems to > be a most peculiar problem. > > thanks in advance, > > Damien > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ######################################################################## ############# Scanned for Viruses and Content and cleared by the Webvein Mail Gateway ######################################################################## ############# ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
