Our Current Setup
Main Site - Firewall NG FP3 on Windows 2000 Server, SP4 w/ Updates
Alt Site - Firewall NG FP3 on Windows 2000 Server, SP4 w/ Updates
Goal: to update each firewall to Windows Server 2003, SP1 & CP NGX
We have a spare box at Main Site loaded with Windows Server 2003 SP1 &
CP NGX
We ran the config utility on the CPFP3 to export all settings so we
could import on the spare box. We installed CP NGX, imported the config
file from FP3, installed temporary licenses until we verified 100%
usability.
When we boot up the spare box (in the position of the primary firewall
at main site), assigned with correct IP information, the site-to-site
VPN with Alt Site is working correctly, All Outbound traffic routes
through the firewall correctly. We cannot connect to any public
resource on our DMZ or remote in through VPN (non-check point).
Therefore, no traffic that has to be nat'ed through our firewall is
making it through. There is also no DROPS or REJECTS in the firewall
logs to help us troubleshoot.
Does this help?
Charlie
Pooja P. wrote:
Charlie,
You need to give me some more details on the setup,we are not able to get it
properly.
Is it Anti-Spoofing Config problem ?
Regards
Pooja P.
________________________________
From: Mailing list for discussion of Firewall-1 on behalf of Charlie Saliba
Sent: Mon 7/18/2005 10:20 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] NGX Upgrade
Greetings List
My collegue has recently installed NGX on a spare box and we just
swapped over the connections. Everything works internally but *nothing*
is getting through the firewall to the inside network. And to aide in
the problems, there is nothing showing up in the logs to aid in
troubleshooting.
All traffic is going outbound; all traffic on our Site to Site VPN is
working, Internet traffic at the other site is going out it's respective
gateway.
Does anyone have any clues or know where we could troubleshoot?
Thanks
charlie
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
**************** CAUTION - Disclaimer *****************
This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely
for the use of the addressee(s). If you are not the intended recipient, please
notify the sender by e-mail and delete the original message. Further, you are
not to copy, disclose, or distribute this e-mail or its contents to any other
person and any such actions are unlawful. This e-mail may contain viruses.
Infosys has taken every reasonable precaution to minimize this risk, but is not
liable for any damage you may sustain as a result of any virus in this e-mail.
You should carry out your own virus checks before opening the e-mail or
attachment. Infosys reserves the right to monitor and review the content of all
messages sent to or from this e-mail address. Messages sent to or from this
e-mail address may be stored on the Infosys e-mail system.
***INFOSYS******** End of Disclaimer ********INFOSYS***
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
