Hi,
I am running a Nokia box with IPSO 3.4, VPN/FW-1 4.1 SP4. We have two internal
interfaces and 1 external interface. We have a Citrix server running on Win2k and
another box running WinNT 4.0. The Citrix server is statically NATed; the other box is
NATed behind the FW address, all on one interface. The other internal interface is
NATed behind the FW address. We can use the ICA client from outside the firewall and
attach to Citrix on a valid IP just fine. The problem is between both internal
interfaces. Our rule looks like this:
Internal1 Internal2 NBT, microsoft-ds (udp,tcp 445), Citrix accept
We cannot map file shares on Internal2 on either the Citrix box or the NT 4.0 box. We
cannot use the ICA client even though a similar rule from the outside works. I have
another service that does work called funkproxy (similar to VNC). For testing purposes
I allow ping to Internal2 and it works. I can nbtstat to the boxes in Internal2.
My logs show the packets were accepted and nothing dropped except with Win2k where
nbsessions at first are accepted then a Rule ) rejection with a message SYNDefender
warning: SYN -> SYN-ACK -> RST.
Anyone have a solution or at least some further things to check?
Regards,
Richard Chase