>From: Balendra Elangco <[EMAIL PROTECTED]>
>We have a couple of Sunscreen firewalls (running on Ultra 10s - Solaris 2.6)
>in HA mode. We tested them in a test environment and after sorting out
>a few problems, we moved them to the production environment. Test environment
>used consisted of network using hubs and the production network environment
>is on switch.
>
>Now when I log on to the firewall host via telnet, it freezes after 3
>minutes and does not come back. When I tried to display netscape running on the
>firewall remotely on my workstation, after waiting for about 3 mins, it
>complains that it can't display on to the remote host. Sunscreen cannot be
>configured without using a browser on the firewall itself.
I don't know much about Sunscreen, but it sounds like you're having DNS or
host-resolution issues or your test filter rules do not reflect the
production environment. When you moved the firewall to the production
environment, can your firewall reverse-resolve the IPs that are trying to
contact it? If you were using DNS in the test environment, is the DNS
accessible in the production environment? Are the machines you use to
connect to the firewall in the production DNS? Were there any IP address
changes between the test and production environment that would necessitate
changes to the filter rules?
--
Gene Lee
[EMAIL PROTECTED]
[EMAIL PROTECTED]