I have a strange issue. My company owns a class C address range (say A.B.68.0). When we try to access another company through ping or SMTP or whatever, it fails. The other company's address is A.B.135.x. The first two octets of their range are the same as ours (I don't know if this is relevant or not).

 

I can ping them from our Internet router, but not from my firewall or Internal network. I added the following rule to my rulebase - Any TheirServer ICMP-proto Accept Long. After trying my ping attempt again, the log viewer showed the action as Accept, but the requests still timed out. Spoofing is set up on the External Interface as Others+ MyInternetRouter.

 

I do not have a route set up on my firewall that says A.B.0.0 -> Gateway (Internet Router), but there is a default gateway on the External interface of my firewall pointing to the Internet router. Just in case, I added a route to my firewall that said TheirServerIP  255.255.255.255 MyInternetRouter. This had no effect on the issue. With the route and the rule added, the request was still accepted by the firewall, but the requests timed out.

 

 
