Firewall-1

[FW-1] TCP 53 through Firewall-1

Subject: [FW-1] TCP 53 through Firewall-1
From: Grandad <haircut100 AT GMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 27 Jun 2005 16:24:12 +0100

I'm running Firewall-1 R55W on a Nokia appliance. As a test, I ended up
creating a rule at the top of the rulebase with a straight TCP port 53
service (no protocol definitions), with all involved DNS servers defined as
normal Node objects, and put them all in both the Source and Dst fields.
I've enabled logging for everything I can think of, i.e. for out-of-state
packets, implied rules and the explicit aforementioned DNS rule.

When connections are attempted, Firewall-1 shows a dropped packet on rule
1 (the explicit DNS rule). No info in the info field. The connections
fail with no explanation why. I'm trying to get an fw monitor output but
I'm not sure if this will tell me anything.

One thing worth mentioning here is that there are 2 F5 nodes upstream
from the Firewall-1 machine that perform NAT.

Any ideas on how to get this working would be greatly appreciated.
