Greetings all,
I recently made some changes to our FW to allow outbound traceroute, and
everything is working well so far. However, I have one machine in my DMZ
that is set up (in terms of rule base etc.) the same as the other DMZ boxes,
and this one machine is having problems. When I trace out from this
machine, it looks like my first probe packet goes okay (gets xlated) but my
2nd and 3rd do not. Here is 'debug ip icmp' on my inet access router:
.Jul 27 10:10:19: ICMP: time exceeded (time to live) sent to public.side.ip (dest was some.public.addr)
.Jul 27 10:10:19: ICMP: time exceeded (time to live) sent to unxlated.private.ip (dest was some.public.addr)
.Jul 27 10:10:24: ICMP: time exceeded (time to live) sent to unxlated.private.ip (dest was some.public.addr)
Any idea what would cause this? I have double checked my rule-base,
reloaded rules and restarted the firewall service. Again, other DMZ
machines work fine with 'parallel' rules. The only thing I haven't done is
to reboot the actual firewall (OS-wise). Any ideas?
TIA
Brandon Applegate - CCNP, CCDP
Senior Network Engineer
Intelliseek
Infrastructure for Internet Portals
[EMAIL PROTECTED]
PGP Key fingerprint:
7407 DC86 AA7B A57F 62D1 A715 3C63 66A1 181E 6996
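As an added example (not from the post or its author): a small Python parser for Cisco 'debug ip icmp' lines that flags ICMP errors the Internet-facing router addressed to RFC1918 space, which is the untranslated-probe symptom the post shows. The sample log lines and addresses are constructed, and the line format is assumed from the quoted output.

```python
import ipaddress
import re
from typing import List, NamedTuple

# Constructed sample of 'debug ip icmp' output mirroring the post; addresses are
# documentation (TEST-NET) and RFC1918 space, not real hosts.
SAMPLE_LINES = [
    ".Jul 27 10:10:19: ICMP: time exceeded (time to live) sent to 203.0.113.5 (dest was 198.51.100.7)",
    ".Jul 27 10:10:19: ICMP: time exceeded (time to live) sent to 10.1.2.3 (dest was 198.51.100.7)",
    ".Jul 27 10:10:24: ICMP: time exceeded (time to live) sent to 10.1.2.3 (dest was 198.51.100.7)",
]

# Assumed line format, derived from the quoted output; the optional leading '.'
# is the IOS clock-state marker that precedes the timestamp in the post.
ICMP_LINE = re.compile(
    r"^\.?(?P<ts>\w{3}\s+\d+\s+[\d:]+): ICMP: (?P<kind>.+?) sent to "
    r"(?P<to>\d+(?:\.\d+){3})\s*\(dest was (?P<dest>\d+(?:\.\d+){3})\)"
)

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class IcmpEvent(NamedTuple):
    ts: str
    kind: str
    sent_to: ipaddress.IPv4Address   # where the router addressed its ICMP error
    dest: ipaddress.IPv4Address      # original destination of the triggering probe

def parse_icmp_debug(lines: List[str]) -> List[IcmpEvent]:
    """Parse matching debug lines; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = ICMP_LINE.match(line.strip())
        if m:
            events.append(IcmpEvent(m["ts"], m["kind"],
                                    ipaddress.IPv4Address(m["to"]),
                                    ipaddress.IPv4Address(m["dest"])))
    return events

def is_rfc1918(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in RFC1918)

def find_nat_leaks(events: List[IcmpEvent]) -> List[IcmpEvent]:
    """Events where the router answered to a private address.

    The router only learns the source from the probe it received, so an ICMP error
    addressed to RFC1918 space means that probe crossed the firewall untranslated."""
    return [e for e in events if is_rfc1918(e.sent_to)]

if __name__ == "__main__":
    for e in find_nat_leaks(parse_icmp_debug(SAMPLE_LINES)):
        print(f"{e.ts}: untranslated source {e.sent_to} reached the router (probe to {e.dest})")
```

Run against the real debug capture, a second-and-later-probe pattern in the leak list points at the firewall's translation of those probes rather than at the router.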