***Facts***

This may actually be a routing issue, but it might be related since the problems I'm about to describe started occurring after I upgraded our Sparc/Solaris2.6/Firewall-1 3.0b installation to Sparc/Solaris2.6/Firewall-1 4.1 SP2. I've attempted to draw our network below to help explain the issues.

I've accepted all the defaults in the policy properties window and am currently allowing all outbound traffic. We have just one NT domain for our whole network. The only domain controllers are in LocalNet1. All of the internal Nets, including the DMZnet, are being hidden behind 204.5.211.2/24. The firewalled gateway has static routes configured for all the RemoteNets so the IP traffic originating in the localnets can be forwarded to the WAN Router. Static routes are also configured on the firewall for the statically NATed addresses in the DMZ and localnet1. I have NETBIOS relay allowed through the WAN Router.

***Problem Description***

The hosts (using Outlook) in the RemoteNets drop connection to the Exchange Server (192.168.1.20 in LocalNet1) every few minutes. Even pings time out. Doing a "tracert 192.168.1.20" on these Windows hosts restores connectivity. Isn't this really weird?

Why do I think this may have anything to do with FW? Well... despite the fact that I've allowed "any" service to "any" destination from the InternalNet group (group containing all the internal network objects), in the logs I see some packets originating on the Exchange server being dropped because of "Unknown established TCP packet". I have Exchange locked down to the few ports suggested in the Microsoft KB article... but I'm allowing all services out, so that doesn't matter. I've read the previous mailings on this list at http://search.securepoint.com regarding that message in the log and it seems like I can ignore that message. But again, maybe not...

Any ideas will be appreciated. Thanks in advance.
***Network Diagram***

                              Internet
                                 |
                                 |
                 Internet Router (204.5.211.1/24)
                                 |
                                 |
                 (204.5.211.2/24)  Def GW 204.5.211.1
            Firewalled triple-homed Gateway
            Checkpoint Firewall-1 ver 4.1   (192.168.1.1/24)----DMZNet (192.168.1.0/24)
                 (192.168.2.1/24)                                 Def GW 192.168.1.1
                                 |
                                 |
                 LocalNet1 (192.168.2.0/24)  Def GW 192.168.2.1
                                 |
                                 |
                 Ethernet-0 (192.168.2.5/24)
                 WAN Router      Ethernet-0.1 (192.168.8.1/24)----LocalNet2 (192.168.8.0)
                 172.16.1.1/24                                    Def GW 192.168.8.1
                                 |
      -------------------------------------------------------------------
      |               |               |               |               |
  172.16.1.2/24   172.16.1.4      172.16.1.5      172.16.1.6      172.16.1.7
  RemoteNet1      RemoteNet2      RemoteNet3      RemoteNet4      RemoteNet5
  Router          Router          Router          Router          Router
  192.168.3.1/24  198.162.4.1/24  198.162.5.1/24  198.162.6.1/24  198.162.6.1/24
      |               |               |               |               |
  RemoteNet1      RemoteNet2      RemoteNet3      RemoteNet4      RemoteNet5
  (198.162.3.0/24)(198.162.4.0/24)(198.162.5.0/24)(198.162.6.0/24)(198.162.7.0/24)
  Def GW          Def GW          Def GW          Def GW          Def GW
  192.168.3.1     198.162.4.1     198.162.5.1     198.162.6.1     198.162.7.1
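The "Unknown established TCP packet" log entry described above is what a stateful packet filter produces when a non-SYN segment arrives and no matching entry exists in its connection table. The model below is an added example written for this post, not Check Point's own code, and its timeout value, log text and the Outlook/Exchange port are assumed for illustration (the host addresses are the ones from the diagram). It shows the two common ways such an entry can be missing: the table entry aged out during an idle period and the server sent the next segment, or the client's SYN reached the server by a path that bypassed the firewall so the entry was never created in the first place. Both cases produce the symptom of a connection that works, then silently dies until something re-establishes it.

```python
"""Toy stateful-filter model (constructed for this post, not FW-1's implementation).

A TCP segment without the SYN flag must match an existing state-table entry.
If the entry has expired, or was never created because the opening SYN took
a path around the firewall, the segment is dropped and logged as an
'unknown established' packet.
"""
from dataclasses import dataclass
from typing import Optional

TCP_IDLE_TIMEOUT = 3600  # seconds; assumed default for the model


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool
    ts: float  # arrival time in seconds


class StatefulFilter:
    def __init__(self, idle_timeout: float = TCP_IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.table: dict = {}   # canonical 4-tuple -> last-seen timestamp
        self.log: list = []

    @staticmethod
    def _key(p: Packet):
        # Canonical key so both directions of one connection share an entry.
        a, b = (p.src, p.sport), (p.dst, p.dport)
        return (a, b) if a <= b else (b, a)

    def inspect(self, p: Packet) -> str:
        key = self._key(p)
        last: Optional[float] = self.table.get(key)
        # Age out an idle entry before consulting it.
        if last is not None and p.ts - last > self.idle_timeout:
            del self.table[key]
            last = None
        if p.syn and not p.ack:
            # Connection open: create the state entry (rule base permits it).
            self.table[key] = p.ts
            return "accept"
        if last is None:
            # Non-SYN segment with no state: this is the log line in question.
            self.log.append(
                f"drop {p.src}:{p.sport}->{p.dst}:{p.dport} "
                "reason=Unknown established TCP packet")
            return "drop"
        self.table[key] = p.ts   # refresh the entry on every matching segment
        return "accept"


# Constructed endpoints: a RemoteNet1 workstation and the Exchange server.
CLIENT = ("198.162.3.10", 1234)
SERVER = ("192.168.1.20", 135)   # 135 assumed; Exchange RPC endpoint mapper


def simulate_idle_timeout(idle_timeout: float = 60):
    """Handshake, then silence longer than the timeout, then the server speaks."""
    fw = StatefulFilter(idle_timeout)
    results = [
        fw.inspect(Packet(*CLIENT, *SERVER, syn=True, ack=False, ts=0.0)),
        fw.inspect(Packet(*SERVER, *CLIENT, syn=True, ack=True, ts=0.1)),
        fw.inspect(Packet(*CLIENT, *SERVER, syn=False, ack=True, ts=0.2)),
        fw.inspect(Packet(*SERVER, *CLIENT, syn=False, ack=True, ts=200.0)),
    ]
    return results, fw.log


def simulate_asymmetric_path():
    """The SYN never crossed the firewall; only the server's reply does."""
    fw = StatefulFilter()
    return fw.inspect(Packet(*SERVER, *CLIENT, syn=False, ack=True, ts=5.0))


if __name__ == "__main__":
    verdicts, log = simulate_idle_timeout()
    print("idle-timeout scenario:", verdicts)
    print("asymmetric-path scenario:", simulate_asymmetric_path())
    print("\n".join(log))
```

The model explains why a "tracert" can appear to fix things: any traffic that re-creates the missing state (or refreshes a route or ARP entry on the path) lets the next segments match again. The practical checks it suggests are the TCP session timeout in the policy properties, and whether the RemoteNet-to-Exchange path is symmetric through the firewall in both directions after the static routes and NAT changes.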
