Can you hit the box with any other protocol from the Internet side? If
you sniff on the DMZ wire, do you see the packets? Being accepted by
the Inspect engine at interface A is not the same thing as being forwarded
out of interface B.
I'd also sniff the DMZ to see what traffic the server is returning -- it
might not be on 2000-2004, in which case your firewall might be dropping
it.
HTH
--
Jack Coates, Rainfinity SE
t: 650-962-5301 m: 650-280-4376
On Tue, 18 Jul 2000, Rankovich, Zoran wrote:
>
> I have an outside vendor with a product that resides on a server connected
> to our DMZ. The vendor uses ports 2000-2004. I have created a rule to allow
> a connection to the server from the Internet but the vendor does not get a
> reply back from the server stating that a connection was made. I can view
> the log and see that the Firewall let the connection through, I can also see
> the port and IP translation. I would appreciate any help. Thanks in advance.
> We are running FW1 4.0 on a Solaris box.
>
> Zoran Rankovich
> OSD Network Engineer
> [EMAIL PROTECTED]
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
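The DMZ-side check suggested in the reply above, as an added example that is not part of the original thread: it reads `tcpdump -n` style summary lines captured on the DMZ wire and reports whether the request was forwarded at all, whether the server answered, and whether any answer left from a source port outside 2000-2004. The function names, the addresses (documentation ranges, as they would appear on the DMZ wire after translation) and the capture lines are constructed assumptions.

```python
import re

# tcpdump -n style summary line: "IP src.sport > dst.dport: Flags [..]"
PKT = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]*)\]"
)

def parse(lines):
    """Yield (src, sport, dst, dport, flags) for each line that parses."""
    for line in lines:
        m = PKT.search(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            yield src, int(sport), dst, int(dport), flags

def diagnose(dmz_lines, client, server, allowed=range(2000, 2005)):
    """Classify what a DMZ-side capture says about one client/server pair."""
    pkts = list(parse(dmz_lines))
    inbound = [p for p in pkts if p[0] == client and p[2] == server]
    replies = [p for p in pkts if p[0] == server and p[2] == client]
    if not inbound:
        # Accepted in the firewall log, but never forwarded out the DMZ interface.
        return "not_forwarded", []
    if not replies:
        # Request reached the DMZ wire; the server or its route back is silent.
        return "no_reply", []
    off = sorted({p[1] for p in replies if p[1] not in allowed})
    if off:
        # Return traffic from ports the 2000-2004 rule does not cover.
        return "reply_off_range", off
    # DMZ side looks right; the next place to look is the outside wire.
    return "reply_in_range", []

# Constructed sample capture (not taken from the thread).
CLIENT, SERVER = "198.51.100.7", "192.0.2.10"
SAMPLE = [
    "10:00:01.000001 IP 198.51.100.7.40123 > 192.0.2.10.2001: Flags [S], seq 1, length 0",
    "10:00:01.000200 IP 192.0.2.10.2001 > 198.51.100.7.40123: Flags [S.], seq 9, ack 2, length 0",
    "10:00:01.050000 IP 192.0.2.10.3050 > 198.51.100.7.40124: Flags [S], seq 5, length 0",
]

if __name__ == "__main__":
    print(diagnose(SAMPLE, CLIENT, SERVER))
```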