There is a method to correct this. However, not available to me at this
very moment. Will post it tomorrow.
> Dan Hitchcock wrote:
>
> I have also seen this happen when using automatic NAT rules - the
> firewall is NATting fine, then suddenly, with no explanation, private
> addresses start leaking to the public network. Nothing in the
> firewall logs, nothing in fwd.elg, the NAT xlate state tables aren't
> full, fw ctl pstat looks fine, etc etc.
>
> The fix has been to create manual NAT rules in the address translation
> rulebase rather than automatic NAT rules on the objects themselves.
>
> BTW, Hey Check Point, what's up with this? I've never found a
> satisfactory explanation anywhere for this, and the problem persists
> right up through 4.1SP4 (have seen it as early as 4.0SP1).
>
> Dan Hitchcock
> CCNP, CCSE, MCSE
> Security Analyst
> Breakwater Security Associates, Inc.
> "Safe Harbor for E-Business"
> dhitchcock (at) breakwatersecurity (dot) com
> http://www.breakwatersecurity.com
> 206-770-0700 work
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 04, 2001 2:56 AM
> To: Siow Yun Patricia
> Cc: [EMAIL PROTECTED]
> Subject: Re: [FW1] NAT fails on adhoc basis - Anybody encountered this before ?
>
> do you have any "halloc failed blah blah" in your fwd.elg?
>
> maybe you run out of kernel memory, you can try to increase fwhmem
> in /etc/system as shown:
>
> set fw:fwhmem=0x900000
>
> this number is calculated for my config, I think there is a phoneboy
> article covering this issue.
>
> Raúl.
>
> Siow Yun Patricia <[EMAIL PROTECTED]>@lists.us.checkpoint.com
> on 03/09/2001 05:59:24
>
> Sent by: [EMAIL PROTECTED]
>
> From: Siow Yun Patricia <[EMAIL PROTECTED]>@lists.us.checkpoint.com
> Date: 03/09/2001 05:59
> Subject: [FW1] NAT fails on adhoc basis - Anybody encountered this before ?
>
> Hi all !
>
> Have any administrators encountered this problem before ?
>
> Setup :
> Checkpoint 4.1 sp4 on pair of Sun Ultra 10s Solaris 7. Implements
> stonebeat fullcluster for HA and load balancing solution. Implements
> VPN with use of SecuRemote.
>
> Problem :
> NAT fails without reason on an adhoc basis.
> Noticed that after pushing out the same policy with minor changes to
> the firewall many times (during testing), NAT fails to work even though
> it has previously worked before. What's odd is that after creating a
> new rulebase and creating a set of rules and NAT exactly the same as
> before. Pushed it out to the nodes again. NAT works.
>
> Are there any state files or config files to remove and check without
> the need to re-create a new policy every time ?
>
> Thanks in advance.
>
> Rgds,
> Patricia
>
>
> ================================================================================
>
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
>
> ================================================================================
--
Juan Concepcion
Network Security Engineer
CCSA CCSE
[EMAIL PROTECTED]
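
Added example, not part of the original thread or of any Check Point tooling: since the quoted report says nothing shows up in the firewall logs when NAT silently stops, one independent check is to capture on the outside interface and flag RFC 1918 source addresses. It assumes a text capture in `tcpdump -n` format; the sample lines and addresses are constructed.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# covers documentation and other special-purpose ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches the "IP src > dst:" part of a `tcpdump -n` text line (assumed format).
LINE_RE = re.compile(r"\bIP (\S+) > (\S+):")

def strip_port(endpoint):
    """tcpdump prints a.b.c.d.port for TCP/UDP and a.b.c.d for ICMP."""
    parts = endpoint.split(".")
    return ".".join(parts[:4]) if len(parts) >= 4 else None

def leaked_sources(lines):
    """Count packets per RFC 1918 source seen on the external interface."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 packet line (ARP, IPv6, truncated)
        host = strip_port(m.group(1))
        if host is None:
            continue
        try:
            src = ipaddress.IPv4Address(host)
        except ipaddress.AddressValueError:
            continue
        if any(src in net for net in RFC1918):
            hits[str(src)] += 1
    return dict(hits)

# Constructed sample: capture taken on the firewall's outside interface.
SAMPLE = """\
12:00:01.000100 IP 203.0.113.10.40001 > 198.51.100.7.80: Flags [S], length 0
12:00:01.200300 IP 10.1.1.25.1025 > 198.51.100.7.80: Flags [S], length 0
12:00:02.000000 IP 192.168.5.9 > 198.51.100.7: ICMP echo request, length 64
12:00:02.500000 IP 10.1.1.25.1025 > 198.51.100.7.80: Flags [S], length 0
12:00:03.000000 IP 198.51.100.7.80 > 203.0.113.10.40001: Flags [S.], length 0
12:00:03.100000 ARP, Request who-has 203.0.113.1 tell 203.0.113.10, length 28
""".splitlines()

if __name__ == "__main__":
    for src, count in sorted(leaked_sources(SAMPLE).items()):
        print(f"untranslated source {src}: {count} packet(s)")
```

Any non-empty result means packets left the firewall without source translation, which is the symptom described in the thread.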