1) Take a look at the route tables on the firewall and validate them.
2) Any dynamic routing protocols running on the firewall?
3) Do you have Control IP Forwarding set on the management server?

Since it seems to work fine when the firewall service is not running, why
not remove ICMP from the implied rules and make a rule for ICMP, then track
that way? Figure out which rule is sending the packet outside.

Thomas Poole

-----Original Message-----
From: Sprickerhoff, Eldon [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 05, 2000 3:56 PM
To: '[EMAIL PROTECTED]'
Subject: [FW1] Odd PING from firewall




Recently discovered something very odd about the PING activity from one of
my firewalls.  

The network looks as follows:

EXT ROUTER ----------- FIREWALL ---------------INT ROUTER -------- 10.1.1.x
 

If I try, from the firewall, to ping 10.1.1.1, it sends traffic through the
external interface.  However, if I fwstop the firewall, it sends traffic
through the proper (internal) interface.  I can ping the internal router
either way - the problem only arises when I try to get one (or more) hops
beyond.  

The firewall object itself doesn't have NAT established, and the interfaces
are properly configured.  ICMP is configured as Before Last.  

Any hints would be appreciated.

EWS


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

