I have asked this question before with no response, so let's try it again.

External                Firewall         Internal
Client                                   resource
                       __________
                       |        |
1.2.3.4 ------> 5.6.7.8| -NAT-> |-----> 172.16.10.1
                       |________|
                     If-ext   If-int

If-ext and If-int are the interface names appearing in the log file.

I can see the following entries in the log file:

Time      Interf.  action   service   source    dest      rule     Info

10:10:10  >If-ext  accept   tcp1234   1.2.3.4   5.6.7.8   rule16   len 40
10:10:10  >If-int  drop     tcp1234   1.2.3.4   5.6.7.8   rule0    len 40
10:11:12  >If-int  drop     tcp1234   1.2.3.4   5.6.7.8   rule0    len 40

What could be the reason for these rule-0 drops incoming on the internal
interface for an external -> internal connection?
It can't be an anti-spoofing issue, because in this direction it would be
rejected and not dropped AND it would be marked as outgoing on the
internal interface (btw: 5.6.7.8 is defined as valid addr. on If-int).

Any help would be appreciated!
Thanks,
Olaf
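
A small triage helper, added here as an example and not part of Olaf's post or any Check Point tool: it parses log lines in the column layout quoted above, groups records into flows by source and service, and reports every flow that was accepted on one inbound interface and then hit a rule-0 drop on a different inbound interface. It also checks whether the destination seen on the drop record matches the post-NAT address from the diagram. Assumptions, as labelled in the code: the leading ">" on the interface column is read as "inbound" (the post describes the opposite case as "marked as outgoing"), the NAT mapping 5.6.7.8 -> 172.16.10.1 is taken from the diagram, and the sample lines are reconstructed from the post rather than copied from a real log.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the three log lines quoted in the post.
SAMPLE_LOG = """\
Time      Interf.  action   service   source    dest      rule     Info
10:10:10  >If-ext  accept   tcp1234   1.2.3.4   5.6.7.8   rule16   len 40
10:10:10  >If-int  drop     tcp1234   1.2.3.4   5.6.7.8   rule0    len 40
10:11:12  >If-int  drop     tcp1234   1.2.3.4   5.6.7.8   rule0    len 40
"""

# Assumed NAT table: public address -> internal address, as drawn in the diagram.
NAT_MAP = {"5.6.7.8": "172.16.10.1"}

# One record per line: time, direction marker, interface, action, service,
# source, destination, rule number, free-form info.  The header line does not
# match (its first column is not a time) and is skipped.
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<dir>[<>])(?P<iface>\S+)\s+(?P<action>\S+)\s+"
    r"(?P<service>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+rule(?P<rule>\d+)\s*(?P<info>.*)$"
)


def parse_log(text):
    """Return a list of dicts, one per log line that matches the column layout."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["rule"] = int(rec["rule"])
            records.append(rec)
    return records


def find_rule0_after_accept(records, nat_map=None):
    """Flag flows accepted on one inbound interface and rule-0 dropped on another.

    Flow key is (source, service).  The '>' marker is assumed to mean inbound
    (an assumption about the log format, not stated by the vendor here).
    For each hit, report whether the destination on the drop record is the
    translated (post-NAT) address that nat_map says it should be.
    """
    nat_map = nat_map or {}
    flows = defaultdict(list)
    for rec in records:
        flows[(rec["src"], rec["service"])].append(rec)

    findings = []
    for key, recs in flows.items():
        accepts = [r for r in recs if r["action"] == "accept" and r["dir"] == ">"]
        drops = [r for r in recs if r["action"] == "drop" and r["rule"] == 0 and r["dir"] == ">"]
        for acc in accepts:
            for drop in drops:
                if drop["iface"] == acc["iface"]:
                    continue  # same interface: not the cross-interface pattern we look for
                expected = nat_map.get(acc["dst"])
                findings.append({
                    "flow": key,
                    "accepted_on": acc["iface"],
                    "dropped_on": drop["iface"],
                    "drop_time": drop["time"],
                    "dst_seen_on_drop": drop["dst"],
                    "dst_expected_after_nat": expected,
                    "dst_translated": expected is not None and drop["dst"] == expected,
                })
    return findings


if __name__ == "__main__":
    for hit in find_rule0_after_accept(parse_log(SAMPLE_LOG), NAT_MAP):
        print(hit)
```

Run against the sample, the helper produces one finding per rule-0 drop; for both, the destination on the internal-interface record is still the untranslated address, which is the detail worth pulling out of a larger log before looking at the policy.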
================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================