The squid cache box in the DMZ of my IP440 firewall stopped working
today for the following reason:
I had two squid objects in my policy (squid and squidtest). I had both
internal and external NAT rules applied. The first pair of NAT rules
were:
  squidtest to internal_networks, any TRANSLATE squidtest_internal to original, any
AND
  internal_networks to squidtest_internal, any TRANSLATE original to squidtest, any
where squidtest_internal is the object I created for the internal NAT
rule. This pair of NAT rules was created manually, and an automatic pair
was also created that did the external NATing. The trouble started when
I deleted the squidtest object (having no more use for it!): it deleted
the automatic NAT rules (good) but didn't fully delete the manually made
rules. It deleted the squidtest and squidtest_internal parts and made
the first two NAT rules look like this:
  any to internal_networks, any TRANSLATE original to original, any
AND
  internal_networks to any, any TRANSLATE original to original, any
This effectively masked/nulled the subsequent NAT rules and stopped FW-1
routing packets to the relevant places. This is one to watch out for.
Regards
declan
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================