Understood. But that's where planning comes into place. Ask your
ISP to reset the ARP cache, after you install the new
NIC. Beats having the router down for a few minutes.
To each their own...
Thanks Steven.
Robert
>>> Steven Zimmerman <[EMAIL PROTECTED]> 02/19/01 04:10PM >>>
>Only if you have access to the router. There are a lot of Internet access
>companies that do not allow you access to the router....
>
>Steven Zimmerman
>CIO
>IR Network Solutions
>770-277-9877 x224
>770-237-5497 fax
>
> -----Original Message-----
>From: Robert MacDonald [mailto:[EMAIL PROTECTED]]
>Sent: Monday, February 19, 2001 3:50 PM
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>Subject: RE: [FW1] Nated machines can't access Internet
>
>
>Steven,
>
>Wouldn't running 'clear arp-cache' on the router be much
>faster?
>
>Robert
>
>- -
>Robert P. MacDonald
>Global Infrastructure Group, Haworth, Inc.
>Voice: +1.616.393.1247
>email: [EMAIL PROTECTED]
>
>>>> Steven Zimmerman <[EMAIL PROTECTED]> 02/19/01 10:09AM >>>
>>
>>First thing I would do is reboot your ISP router after putting the new
>>firewall in place. The ISP router will have the MAC address of your old
>>server cached (default is 3 hours on Cisco) and it will try to send all
>>packets to that old MAC.
>>
>> -----Original Message-----
>>From: CryptoTech [mailto:[EMAIL PROTECTED]]
>>
>>Annette,
>>Since this is an upgrade on a separate server, a few questions come to mind.
>>Have you removed the old config so that the new setup will be the proper
>>default route for internal hosts?
>>Validation of proper published MAC addresses is a plus.
>>Check the network properties TCPIP ->routing table to enable ip
>>forwarding/routing.
>>
>>HTH,
>>CryptoTech
>>
>>Annette Tenney wrote:
>>
>>> Am running FW-1 ver. 4.0. Upgrade planned on different server. Have
>>> installed NT on new machine and imported the rulebase and configuration
>>> files from the old machine which is currently in use. Have modified the
>>> route table on the new machine to match the old machine. Have created the
>>> local.arp file. Checked in the configuration GUI that the external interface
>>> was pointing to the correct card. On the firewall network object did a get
>>> for the interfaces which succeeded. Installed the policies.
>>>
>>> Have new machine on test network with DNS. Have not tried the upgrade yet.
>>> Firewall can get name resolution, can ping machines on internal network and
>>> DMZ by both true IP address and nated address. Internal machines with nated
>>> address can not get name resolution (DNS acting as machine outside
>>> firewall), machines internal with hidden address can get resolution. Machine
>>> on DMZ, with nated address can not get resolution. External machine can not
>>> get to web server on DMZ. Have disabled all rules in rule base and added
>>> rule any any any allow. Pseudo rules set to allow anything. Turned off IP
>>> address spoofing.
>>>
>>> What have I missed?
>>>
>>> Thanks for your help.
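
The stale-ARP condition discussed in this thread, as an added example that is not part of any poster's message: a Python check that reads an upstream router's ARP table and reports which of the firewall's external and NAT addresses still resolve to a MAC other than the new firewall's. It assumes Cisco-style `show ip arp` output; the addresses, MACs and function names are constructed for illustration.

```python
import re

# Constructed sample of Cisco-style "show ip arp" output (not from the thread).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  203.0.113.1             -   0000.0c11.2233  ARPA   Ethernet0
Internet  203.0.113.2            12   00a0.c9aa.0001  ARPA   Ethernet0
Internet  203.0.113.10           95   00a0.c9aa.0001  ARPA   Ethernet0
Internet  203.0.113.11            3   00a0.c9bb.0002  ARPA   Ethernet0
"""

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_arp(text):
    """Return {ip: (mac, age_minutes or None)} from show-ip-arp style text."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "Internet":
            age = None if f[2] == "-" else int(f[2])  # "-" marks the router's own address
            table[f[1]] = (norm_mac(f[3]), age)
    return table

def audit(arp_text, fw_mac, fw_addrs):
    """Classify each address the new firewall must answer ARP for."""
    table = parse_arp(arp_text)
    want = norm_mac(fw_mac)
    report = {}
    for ip in fw_addrs:
        if ip not in table:
            report[ip] = "missing"  # no entry yet: the firewall must answer the next ARP request
        elif table[ip][0] == want:
            report[ip] = "ok"       # router already maps this address to the new NIC
        else:
            report[ip] = "stale"    # router still sends this address to another MAC
    return report
```

Addresses reported as `stale` are the ones that stay unreachable until the router's entry is cleared or ages out; `missing` ones depend on the firewall answering ARP for them, which is what the `local.arp` entries are for.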