Hi all,
I've been working with FW-1 for about 6 months now and have just come up
against a problem I can't find a solution for. I have FW-1 installed on an NT
box with an external IF, a DMZ and an Internal IF. Pretty standard stuff.
Internet -----Router---------FW-1---------DMZ
                              |
                              |
                           Internal
The router belongs to our ISP and is on their site.
My company requires more IP addresses; however, our ISP cannot supply another
block of 32 addresses that are contiguous with what we currently have. They
can, however, supply the connectivity via ILS on the same wire (i.e. to my
external IF). When I configure a machine on my DMZ to use one of the new
addresses it gets REJECTED by rule 0 (rather than dropped), which according
to the phoneboy site means that the outgoing packet has violated the
antispoof rules as it is being routed out the wrong interface. That sounds
like the incoming packets are routed to the correct machine but the reply is
being REJECTED by rule 0. I have tried to allow all IPs from the new
subnet in and out of the external IF on the firewall object as well as Other
but still rejected by rule 0.
Am I trying to do something that can't be done or is there a better way?
Any suggestions would be appreciated.
Thanks
____________________________________________
Graeme Patterson
Systems Administrator
Elcom Technology Pty Ltd
Email [EMAIL PROTECTED]
Web www.elcom.com.au
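A simplified model of the per-interface anti-spoofing check the message refers to, added here as an example (it is not FW-1 code and not part of the original post). It assumes constructed documentation addresses, a route that sends the new block to the DMZ interface, an external interface that also accepts any address not claimed by another interface, and that an ingress violation logs as a drop while an egress violation logs as a reject.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation ranges), not the poster's real blocks.
OLD_BLOCK = ip_network("192.0.2.0/27")       # original /27, on the DMZ
NEW_BLOCK = ip_network("198.51.100.32/27")   # extra, non-contiguous /27
INTERNAL = ip_network("10.0.0.0/24")

# Assumed routing: both public blocks are reached through the DMZ interface.
ROUTES = [(OLD_BLOCK, "dmz"), (NEW_BLOCK, "dmz"), (INTERNAL, "internal")]


def route(dst):
    """Longest-prefix match; anything unmatched follows the default route."""
    hits = [(net.prefixlen, ifc) for net, ifc in ROUTES if ip_address(dst) in net]
    return max(hits)[1] if hits else "external"


def valid_on(addr, iface, valid):
    """Anti-spoofing membership test for one interface."""
    addr = ip_address(addr)
    if any(addr in net for net in valid.get(iface, [])):
        return True
    # Assumption: the external interface also accepts "others", i.e. any
    # address not listed as valid on any interface.
    return iface == "external" and not any(
        addr in net for nets in valid.values() for net in nets)


def verdict(src, dst, in_iface, valid):
    """Return the outcome of the two anti-spoofing checks for one packet."""
    if not valid_on(src, in_iface, valid):
        return "drop rule 0"      # source not valid on the ingress interface
    if not valid_on(dst, route(dst), valid):
        return "reject rule 0"    # destination not valid on the egress interface
    return "rule base"            # anti-spoofing passed; policy rules apply


# New block listed as valid only on the external interface (as tried in the post).
NEW_ON_EXTERNAL = {"dmz": [OLD_BLOCK], "internal": [INTERNAL], "external": [NEW_BLOCK]}
# New block listed as valid on the interface it is actually routed through.
NEW_ON_DMZ = {"dmz": [OLD_BLOCK, NEW_BLOCK], "internal": [INTERNAL], "external": []}

if __name__ == "__main__":
    for name, valid in (("new block on external", NEW_ON_EXTERNAL),
                        ("new block on DMZ", NEW_ON_DMZ)):
        print(name,
              "| inbound:", verdict("203.0.113.9", "198.51.100.40", "external", valid),
              "| reply:", verdict("198.51.100.40", "203.0.113.9", "dmz", valid))
```

In this model the verdict depends on which interface's valid-address list contains the new block, not on the rule base, which is never reached while either check fails.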