Re: [FW1] Checkpoint 2000 on NT

Tue, 20 Jun 2000 09:47:44 -0700 


Jim,

What did the config look like in your test environment? IP
setups, basic rule setup(generalize), etc.

What did you change before you shipped it? What
changed after they received it?

You mention trying to talk to it over a 'private'
network. Has this been configured before or
after it shipped?

I'm looking for specifics.

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> Earl Robinson <[EMAIL PROTECTED]> 11/30/00 7:28:20 AM >>>
>
>Jim Shaw wrote:
>> 
>> I have built a couple of Checkpoiunt 2000 firewalls on NT 4.0/SP6a for
>> a  customer. One is to operate at a remote site. There is a private
>> network to the site that will go away once things are working smoothly.
>> 
>> I had everything working sweetly in a test lab with a simulated internet
>> connection between the boxes (Linux box running as router, dns, smtp,
>> www servers etc.)
>> 
>> The remote fw was shipped and now I can't talk to it over the private
>> network. If I (or my colleague 600km away) run fwstop I can ping it and
>> it can ping the rest of the network. fwstart and it might as well be in
>> Siberia. The only change I made between when I tested and when I shipped
>> was to the external IP address as I had been given the wrong one.
>> Changed it in all relevant (NT and FW1) places I could think of.
>
>did you change the ip address spoofing config? (interface security tab)
>
>I forget that sometimes. The external interface will usually have
>"other" as the allowed networks. You need to re-get the interface info,
>and then re-configure the "other" for allowed networks.
>
>-- 
>Earl Robinson
>Network Security Analyst
>SeNet International Corp
>[EMAIL PROTECTED] 
>===============================================================
>In God we Trust -- all others must submit an X.509 certificate.




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to