Hi everyone,
Within the firewall policy I've got a rule allowing specific connections
inbound. As these connections are allowed in, the source of the connection
is hidden behind one address using hide NAT and the destination of the
connection is translated using static NAT. For quite some time this setup
has been working fine until recently when I added two new subnets to the
allowed sources for the rule.
When connections are made from the new subnets I can see in the logs that
the connection is initially allowed and translated as it should be but then
immediately following the "Accept" I get a "Drop" with the information on
the drop stating "message_info: Connection contains real IP of NATed
address". The people trying the connection from the new subnets can't
connect at all due to the drop, however people connecting from any of the
old subnets are still working fine.
This puzzles me as the new subnets are simply using the same firewall rule
and natting rules as the old subnets. Has anyone encountered this problem
before? I'm using CheckPoint NG AI R55.
Regards,
David
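One way to triage a symptom like the one described above, added here as an example and not part of the original post or of any Check Point tool: correlate the firewall log's Accept/Drop pairs per connection tuple and count, per allowed source subnet, how many connections were accepted and then immediately dropped with "Connection contains real IP of NATed address". The key=value log layout, field names (src, dst, service, xlatesrc, xlatedst, message_info) and every address and subnet below are constructed for illustration and are assumptions; adapt parse_line() to the field names of your own fw log export.

```python
"""
Added example (not from the original post): pair Accept records with a
following Drop carrying the "real IP of NATed address" reason, then report
the outcome per source subnet so the affected subnets stand out.

All log lines, field names, addresses and subnets are constructed sample
data (assumptions), not values taken from a real gateway.
"""
import ipaddress
import re
from collections import Counter

DROP_REASON = "Connection contains real IP of NATed address"

# Constructed sample log: one key=value record per line. The Drop records
# carry the pre-NAT (real) source address, as in the symptom described.
SAMPLE_LOG = """\
action=Accept src=10.1.1.25 dst=192.0.2.10 service=443 xlatesrc=203.0.113.1 xlatedst=172.16.5.10
action=Accept src=10.9.0.7 dst=192.0.2.10 service=443 xlatesrc=203.0.113.1 xlatedst=172.16.5.10
action=Drop src=10.9.0.7 dst=192.0.2.10 service=443 message_info="Connection contains real IP of NATed address"
action=Accept src=10.8.4.3 dst=192.0.2.10 service=443 xlatesrc=203.0.113.1 xlatedst=172.16.5.10
action=Drop src=10.8.4.3 dst=192.0.2.10 service=443 message_info="Connection contains real IP of NATed address"
action=Accept src=10.1.1.26 dst=192.0.2.10 service=443 xlatesrc=203.0.113.1 xlatedst=172.16.5.10
"""

# Constructed: the old subnets plus the two newly added ones.
ALLOWED_SOURCE_SUBNETS = ["10.1.1.0/24", "10.9.0.0/24", "10.8.4.0/24"]


def parse_line(line):
    """Split a key=value record into a dict; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def correlate(log_text):
    """Map each (src, dst, service) tuple to its final outcome.

    An Accept marks the tuple 'accepted'; a later Drop with DROP_REASON on the
    same tuple turns it into 'dropped_after_accept'. Drops without a preceding
    Accept are ignored, since they are a different problem than the one here.
    """
    state = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        key = (f.get("src"), f.get("dst"), f.get("service"))
        if f.get("action") == "Accept":
            state[key] = "accepted"
        elif f.get("action") == "Drop" and f.get("message_info") == DROP_REASON:
            if state.get(key) == "accepted":
                state[key] = "dropped_after_accept"
    return state


def summarize_by_subnet(state, subnets):
    """Count outcomes per configured source subnet.

    Returns {subnet: {'accepted': n, 'dropped_after_accept': m}} so that a
    subnet whose connections are all dropped after the Accept is obvious.
    """
    nets = [ipaddress.ip_network(s) for s in subnets]
    summary = {str(n): Counter() for n in nets}
    for (src, _dst, _svc), outcome in state.items():
        addr = ipaddress.ip_address(src)
        for n in nets:
            if addr in n:
                summary[str(n)][outcome] += 1
                break
    return {net: dict(c) for net, c in summary.items()}


if __name__ == "__main__":
    result = summarize_by_subnet(correlate(SAMPLE_LOG), ALLOWED_SOURCE_SUBNETS)
    for net, counts in result.items():
        print(f"{net:16} accepted={counts.get('accepted', 0)} "
              f"dropped_after_accept={counts.get('dropped_after_accept', 0)}")
```

Run against a real export, the per-subnet table shows at a glance whether the drop is confined to the newly added subnets (as in the post) or spreads to the old ones as well, which narrows the question to the NAT rules and address-range objects that only the new subnets touch.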
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================