do you have auto-arp enabled in the global-properties\NAT?
cheers reinhard
At 16:24 05.01.2004, you wrote:
We use Firewall-1 for NAT (incoming and outgoing), PAT, VPN connections and (obviously) as a plain firewall. Last week after I rebooted (shutdown -i6 -g0 -y) the firewall came back up only partially working.
Outgoing NAT and VPN connections worked as did PAT and NAT when going through the VPN. However I later realized that NAT from the outside didn't work. Nothing unusual at the time was being shown through the log viewer. I was able to fix this after a recompile of the rules from the Policy Editor.
When replacing an old firewall with this new one, I did a lot of unplugging and plugging in of NIC cards while the servers were still running, and had the same problems. Most things would work once I plugged the NIC back in, but some things wouldn't be working, in all sorts of combinations. All these problems were fixed with a ruleset recompile. Restarting the firewall daemons or the server itself at this point didn't help.
I'm running Firewall-1 NG FP2 with Solaris 8 on a V100 machine prior to this we were using an Ultra 10 with NG FP2, both have this same problem.
Anyone else run across this? I can reproduce (and fix) this problem (a little too) easily, and I'm worried it's a sign of a bigger problem.
Thanks, Chris
-- Chris Cameron UpNIX Internet Administrator ardvark.upnix.net bitbucket.upnix.net -- http://www.upnix.com
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
-- Reinhard Stich, ASSIST [EMAIL PROTECTED] Internet Security AG, 1150 Wien, Johnstrasse 29 Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-10
Kennen Sie unsere Mailing-Listen f�r Techniker? Infos unter https://isecure.internet-security.at/infos.html#2
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
