Yeah, you need static routes, or run something like gated or routed so your firewall learns where
stuff is automatically. You can just set up gated (I run gated) and list all the
static routes, or pass routing info like RIP or whatever to your firewall...
Rodney Lacroix wrote:
> I started receiving a TON of SYN Defender messages today, mostly originating from my
>remote WAN sites to other web sites (all remote WAN sites route through us for
>Internet access).
>
> I made the following change: My firewall's subnet on the internal interface was
>incorrect (255.0.0.0 vs. 255.255.0.0 on a 10.1.x.x network). When I changed the
>subnet to the correct mask, I began to receive SYN Defender messages from my WAN
>sites (routed networks also on a 255.255.0.0 subnet, but with a different network
>ID). Apparently, the firewall did not know how to respond to the remote
>workstations, and timed out the connections.
>
> I assumed it was then because my internal NIC on the firewall did not have a default
>gateway specified (I could not ping the routers on my remote sites from the
>firewall). When I added the default gateway (my local router), ALL Internet traffic
>halted - I again assume this is because my route has the firewall as its hop to the
>Internet, and my firewall had its next hop as the router (never ending loop).
>
> It appears that my firewall does not know the routes to my other sites with the
>correct network ID and subnet mask. How do I do this? Do I need to manually add
>static routes to the other networks?
>
> Rodney Lacroix
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
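The route lookup behind the problem in this thread, as an added example (not code from either poster): a longest-prefix-match table for the firewall, showing where a reply to a remote-site workstation is sent under the old mask, the corrected mask, and the corrected mask plus a static route. Every address except the 10.1.x.x network and the two masks is constructed, and the default route out the external interface is an assumption.

```python
import ipaddress

# Constructed addressing (assumptions, not from the thread):
FW_INTERNAL_IP = "10.1.0.2"    # firewall's internal interface
LOCAL_ROUTER = "10.1.0.1"      # router that reaches the remote WAN sites
EXTERNAL_NET = "192.0.2.0/24"  # firewall's external segment
ISP_GATEWAY = "192.0.2.1"      # default gateway on the external side
REMOTE_HOST = "10.2.5.20"      # workstation at a remote site (10.2.0.0/16)


def build_table(internal_mask, static_routes=()):
    """Return [(network, (interface, next_hop))] for the firewall."""
    internal = ipaddress.ip_network(f"{FW_INTERNAL_IP}/{internal_mask}", strict=False)
    table = [
        (internal, ("internal", "on-link")),
        (ipaddress.ip_network(EXTERNAL_NET), ("external", "on-link")),
        (ipaddress.ip_network("0.0.0.0/0"), ("external", ISP_GATEWAY)),
    ]
    for prefix, gateway in static_routes:
        table.append((ipaddress.ip_network(prefix), ("internal", gateway)))
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, via) for net, via in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(internal_mask, static_routes=(), dst=REMOTE_HOST):
    """Where the firewall sends a packet (e.g. a SYN/ACK) addressed to dst."""
    return lookup(build_table(internal_mask, static_routes), dst)


if __name__ == "__main__":
    site_routes = [("10.2.0.0/16", LOCAL_ROUTER)]
    # Old mask: 10.0.0.0/8 covers the remote site, so it looks directly attached.
    print("255.0.0.0            ->", reply_path("255.0.0.0"))
    # Corrected mask: only the default route matches, so the reply leaves the
    # external interface and the remote workstation never sees it.
    print("255.255.0.0          ->", reply_path("255.255.0.0"))
    # Static route: the reply goes back through the local router, while
    # Internet-bound traffic still follows the untouched default route.
    print("255.255.0.0 + static ->", reply_path("255.255.0.0", site_routes))
    print("Internet destination ->",
          reply_path("255.255.0.0", site_routes, dst="198.51.100.7"))
```

A static route per remote network leaves the default route alone, which is why it avoids the loop that adding a default gateway on the internal interface produced.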