I have seen issues like this after changing IPs on gateways, ussually it gets resolved by going to the gateway object in the Dashboard > Topology > Get Interfaces.
You might have already done it as part of the change, but if not, it might help. Regards On Sun, Oct 17, 2010 at 7:03 AM, Gary Scott <accesslimi...@yahoo.com> wrote: > You should verify with a tcpdump to make sure the traffic is not getting to > your > FW. You did a get topo after the IP change, define new networks, setup NAT > etc...? Does your manager use the FW has its default gateway? Can it access > the > internet? If no traffic is seen at the FW then not much you can do to the > FW for > traffic that doesn't reach it. > > > -GS > > > > > ________________________________ > From: "c...@ans.com.au" <c...@ans.com.au> > To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM > Sent: Sat, October 16, 2010 3:45:56 PM > Subject: [FW-1] IP Change of both SmartCenter and Gateway > > Hi, > > I have a centrally licensed SmartCenter and one splat enforcement gateway > module. > > To suit our internal policy, we have to change the internal ip address of > the gateway, and obviously the ip address of the SmartCenter. I have > obtained the license for the new ip address from CP. Following the change > over procedure, I have managed to changed the ip of both, installed the new > license, reset the sic, and successfully installed the policy. > > However, now I cannot access the net from the internal network. The odd > thing though is that, our ftp server, which on a dmz in splat, can be > accessed from the net and internally. We are using ISA 2006 (proxy mode) as > our proxy server (and no we are chaining splat with the isa). > > I've changed the routing, the vlan assignments, etc but still cannot surf > the net. Our proxy server cannot surf either. > > Originally, before the ip change, the splat, smartcenter and proxy server > are on the same vlan (192.168.x.y/24). But with the new ip, splat and smart > center are on a different vlan (172.x.y.z/24). Both vlans are on the same > cisco switch. > > In the new ip addresses, I look at the tracker log, I don't even see the > http connection hitting the firewall. > > I suspect routing is the issue. > > Please advise any suggestions/ideas. > > ta > czar > > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to lists...@amadeus.us.checkpoint.com > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > fw-1-ow...@ts.checkpoint.com > ================================================= > > > > > > > Scanned by Check Point Total Security Gateway. > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to lists...@amadeus.us.checkpoint.com > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > fw-1-ow...@ts.checkpoint.com > ================================================= > -- Sergio Alvarez CISSP | CCSE+ Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com =================================================
