Firewall-1

Re: [FW-1] W2k and NT routing config

Subject: Re: [FW-1] W2k and NT routing config
From: Lars Troen <Lars.Troen AT PROXYCOM DOT NO>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 27 Jun 2003 11:03:23 +0200
Mark,
- Do connections that use the security servers work?
- Can you get all the interfaces with "fw ctl iflist" and are all these defined correctly on the gateway object?
- Is logging for anti-spoofing turned on? What can you see in the log viewer?
- What is the output of "fw stat"?

Lars
> -----Original Message-----
> From: Schill, Mark [mailto:Mark.Schill AT BELLSOUTH DOT COM]
> Sent: Friday, June 27, 2003 03:33
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] W2k and NT routing config
>
>
> I am having an issue with Windows 2000 not forwarding packets between the
> interfaces. I have tested everything else and it seems that it just won't
> forward between the interfaces. I have turned on RRAS and enabled
> forwarding. Any ideas on what else I can check??
>
>
>
> -----Original Message-----
> From: Brian Granier [mailto:briang AT ZEBEC DOT NET]
> Sent: Friday, June 13, 2003 10:13 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>
> I don't think it's necessary to turn it on pre-install. The only reason
> to do so prior to installation of Checkpoint would be to test the
> ability to route through the box which essentially would test to ensure
> all the interfaces are configured correctly and your static routes are
> added properly and return route paths make it back to your Win2k system.
>
> T. Brian Granier
> GCIA, CCNA, CCSE, CHP, MCSE (NT4&W2K), MCP+I, N+, A+
> Information Security Architect
> Zebec Data Systems, Inc.
>
>
>
> -----Original Message-----
> From: Edwin Davidson [mailto:EDavidson AT PRIMEINC DOT COM]
> Sent: Friday, June 13, 2003 8:38 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] W2k and NT routing config
>
>
> My Checkpoint NG install book states
> on page 72 to enable IP forwarding
> on NT.  They make no mention of what
> to do on W2k.
>
> On W2k one can configure routing with a
> registry hack:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
> IPEnableRouter=1
> or by configuring  "routing and remote
> access" service. (has problems?)
> http://www.phoneboy.com/wizards/200211/msg00126.html
>
>
> On newsgroup cp.products.firewall-1
> I found: (might have to cut and paste parts of this)
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=PQugskE%24BHA.226%40dogwood.us.checkpoint.com&rnum=7&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dw2k%2Brouting%2Bregistry%2Bhack%26sa%3DN%26tab%3Dwg
>
> "You don't have to enable IP forwarding. Checkpoint will do it for you.
> The logic behind not enabling IP forwarding is if the Checkpoint
> software crashes and IP forwarding is enabled, then the OS will forward
> packets to your network making it vulnerable. That's why it's safer not to
> enable ip forwarding and allow checkpoint to do it for you."
>
> So I am asking the forum, what do you do?
>
> On W2k, do you configure Routing and Remote Access, or
> do the IPEnableRouter registry hack, or do you leave
> routing turned off?
>
> Thanks.
>

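The thread's question comes down to whether the OS itself is set to forward packets independently of the firewall. The script below is an added example, not code from any of the posters or from Check Point; it assumes a Windows version that has PowerShell and the NetTCPIP module (so not Windows 2000 or NT themselves) and reads the IPEnableRouter value and the Routing and Remote Access service state mentioned above.

```powershell
# Added example: audit whether the Windows IP stack forwards packets on its own.
# Assumption: PowerShell with the NetTCPIP module is available on the gateway.
$tcpipKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# 1. Registry value named in the thread: 1 means the OS routes between interfaces.
$reg = Get-ItemProperty -Path $tcpipKey -Name IPEnableRouter -ErrorAction SilentlyContinue
$regEnabled = ($null -ne $reg) -and ($reg.IPEnableRouter -eq 1)

# 2. Routing and Remote Access service (service name: RemoteAccess).
$rras = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
$rrasRunning = ($null -ne $rras) -and ($rras.Status -eq 'Running')

# 3. Per-interface IPv4 forwarding state, where the cmdlet exists.
$fwdIfaces = @()
if (Get-Command Get-NetIPInterface -ErrorAction SilentlyContinue) {
    $fwdIfaces = @(Get-NetIPInterface -AddressFamily IPv4 |
        Where-Object { $_.Forwarding -eq 'Enabled' })
}

# Summarise the three findings in one object.
[pscustomobject]@{
    IPEnableRouter       = $(if ($null -eq $reg)  { 'not set' } else { $reg.IPEnableRouter })
    RRASStatus           = $(if ($null -eq $rras) { 'not installed' } else { $rras.Status })
    ForwardingInterfaces = ($fwdIfaces.InterfaceAlias -join ', ')
} | Format-List

if ($regEnabled -or $rrasRunning -or $fwdIfaces.Count -gt 0) {
    # This is the condition the quoted newsgroup post warns about.
    Write-Warning 'OS-level forwarding is on: packets may be routed even if the firewall software is not running.'
} else {
    Write-Output 'OS-level forwarding is off: routing depends on the firewall software enabling it.'
}
```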