We believe this to be the case. We're no longer looking at it as a FW1
issue. There is something messy with the HP ProCurve core routers
we're using where they are putting the VRRP in the block instead.
However, when they do that (selectively, for some reason), they also
maintain the source MAC address (thus the FW1 would never find it's
way back, even if it did find its way through).
Thanks everyone for all your suggestions/feedback!
On Thu, 28 Oct 2004 08:48:01 -0500, Previtera, Sal
<sal.previtera AT wth DOT org> wrote:
> Could it be that he has ARP issues on that switch/router?
>
> -----Original Message-----
> From: GoddardM AT SCHNEIDER DOT COM [mailto:GoddardM AT SCHNEIDER DOT COM]
> Sent: Wednesday, October 27, 2004 3:28 PM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] Lost ssh access to SPLAT firewall!
>
> Is there anything else in this switch and VLAN other than the firewall and
> management station? I believe you said in another email they are both on
> this switch... could be something doing a TCP reset on the ssh port.
>
> Regards,
> Matt Goddard
> Security Information Team
> Schneider National
> 920-592-4787
> goddardm AT schneider DOT com
>
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
