Jim Shaw wrote:
>
> I have built a couple of Checkpoiunt 2000 firewalls on NT 4.0/SP6a for
> a customer. One is to operate at a remote site. There is a private
> network to the site that will go away once things are working smoothly.
>
> I had everything working sweetly in a test lab with a simulated internet
> connection between the boxes (Linux box running as router, dns, smtp,
> www servers etc.)
>
> The remote fw was shipped and now I can't talk to it over the private
> network. If I (or my colleague 600km away) run fwstop I can ping it and
> it can ping the rest of the network. fwstart and it might as well be in
> Siberia. The only change I made between when I tested and when I shipped
> was to the external IP address as I had been given the wrong one.
> Changed it in all relevant (NT and FW1) places I could think of.
did you change the ip address spoofing config? (interface security tab)
I forget that sometimes. The external interface will usually have
"other" as the allowed networks. You need to re-get the interface info,
and then re-configure the "other" for allowed networks.
--
Earl Robinson
Network Security Analyst
SeNet International Corp
[EMAIL PROTECTED]
===============================================================
In God we Trust -- all others must submit an X.509 certificate.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
