I don't see that exact rule under my Global Properties, I am running NG FP
3. I have "accept FW-1 control connections", "accept outgoing packets
originating from the gateway", "accept SmartUpdate connections" and "accept
dynamic address Module's DHCP traffic". Those are the only 4 implied rules
I have selected.
Wouldn't stateful UDP replies be allowed?
From: "J. Ruff" <john AT DNDLABS DOT NET>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] destination Translated
Date: Mon, 22 Dec 2003 12:06:42 -0500
Question: Are you using the "allow UDP replies" implied rule under Global
Properties?
-John
> In my firewall logs I see incomming 53-UDP traffic being dropped by my
> cleanup rule with the destination "Translated". Is what I am seeing
> responses to valid DNS queries from my internal clients? I am using
hide
> mode NATing for my internal address range, which includes my internal
DNS
> servers. We are having some minor DNS issues and I am trying to
> troubleshoot the issue.
>
> Thanks for any help.
>
> _________________________________________________________________
> Get dial-up Internet access now with our best offer: 6 months
> @$9.95/month!
> http://join.msn.com/?page=dept/dialup
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
_________________________________________________________________
Enjoy the holiday season with great tips from MSN.
http://special.msn.com/network/happyholidays.armx
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
