I have built a couple of Checkpoint 2000 firewalls on NT 4.0/SP6a for
a customer. One is to operate at a remote site. There is a private
network to the site that will go away once things are working smoothly.

I had everything working sweetly in a test lab with a simulated internet
connection between the boxes (Linux box running as router, dns, smtp,
www servers etc.)

The remote fw was shipped and now I can't talk to it over the private
network. If I (or my colleague 600km away) run fwstop I can ping it and
it can ping the rest of the network. fwstart and it might as well be in
Siberia. The only change I made between when I tested and when I shipped
was to the external IP address as I had been given the wrong one.
Changed it in all relevant (NT and FW1) places I could think of. FWIW
the license is on the DMZ interface address which has not changed.

I want to manage it from my local network and the gui-clients file is
correct.

Deleting all the rules I had installed and putting in one that does
any,any,any,accept,log long does not show anything in the logs except
for ctl log messages - policy loads etc. Deleted all NAT rules and
changed NAT'd objects to non-NAT'd.

While this is very secure :) it is not useful. My colleague and I are
stumped.

Anyone have any ideas on where to look next - or is it an un-install and
reload time?

Ta,
Jim
-- 
Jim Shaw                        Email: [EMAIL PROTECTED]
Optimation NZ Ltd,              DDI: +64-4-470-5831
P.O. Box 10616,                 Ph: +64-4-472-7218
Level 2, Optimation House,      Fax: +64-4-472-7219
1 Grey Street,                  Web: http://www.optimation.co.nz
Wellington,
New Zealand

