Running Nokia in HA with CP FP3 HF2. Servers in my DMZ have a 10.10.200.x
address. Users from an internal VLAN (10.10.1.x) are having intermittent
Telnet sessions that are dropping to the UNIX Servers. I have a no manual
NAT rule that says int_net -> dmz_net = Original and dmz_net -> int_net
= Original.
Originally they couldn't ping any of the UNIX Servers (Win2k servers worked
fine) because the UNIX Servers were doing a "health check" back to the
firewall DMZ VRRP address. HP was of no help. So to fix that issue I
allowed ICMP from those unix servers to the firewalls and placed it before
the stealth rule. Ping was working fine and I thought everything else was
OK.
The Unix admin can now run tests, X11 and telnet to the UNIX Servers in
the DMZ. Now, a day later, they are telling me that Telnet is not working
and they think it's the firewall. To take the firewalls out of the picture
they routed directly from the internal VLAN to the DMZ VLAN, bypassing the
firewall, and they claim it works now.
Has anyone heard of weird issues with HP UNIX Servers like this?
Daniel Samaan
Technical Security Consultant
CCSE, CCNA, CSPFA, CSVPN, MCNS, CSIDS, CCA, MCSE+I
Cell: (847) 274-2034
dsamaan AT forsythesolutions DOT com
---------------------------------------------------------------------
Forsythe Solutions
5440 W. Fargo Avenue
Skokie, IL 60077
www.forsythesolutions.com
Building cost-effective IT infrastructure that organizations trust.