You should verify with a tcpdump to make sure the traffic is not getting to your FW. You did a get topo after the IP change, define new networks, setup NAT etc...? Does your manager use the FW has its default gateway? Can it access the internet? If no traffic is seen at the FW then not much you can do to the FW for traffic that doesn't reach it.
-GS ________________________________ From: "c...@ans.com.au" <c...@ans.com.au> To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Sent: Sat, October 16, 2010 3:45:56 PM Subject: [FW-1] IP Change of both SmartCenter and Gateway Hi, I have a centrally licensed SmartCenter and one splat enforcement gateway module. To suit our internal policy, we have to change the internal ip address of the gateway, and obviously the ip address of the SmartCenter. I have obtained the license for the new ip address from CP. Following the change over procedure, I have managed to changed the ip of both, installed the new license, reset the sic, and successfully installed the policy. However, now I cannot access the net from the internal network. The odd thing though is that, our ftp server, which on a dmz in splat, can be accessed from the net and internally. We are using ISA 2006 (proxy mode) as our proxy server (and no we are chaining splat with the isa). I've changed the routing, the vlan assignments, etc but still cannot surf the net. Our proxy server cannot surf either. Originally, before the ip change, the splat, smartcenter and proxy server are on the same vlan (192.168.x.y/24). But with the new ip, splat and smart center are on a different vlan (172.x.y.z/24). Both vlans are on the same cisco switch. In the new ip addresses, I look at the tracker log, I don't even see the http connection hitting the firewall. I suspect routing is the issue. Please advise any suggestions/ideas. ta czar ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com ================================================= Scanned by Check Point Total Security Gateway.
