This is a second issue that I had today with my final BSD firewall rollout in my main center.

This issue was with Exchange. All branches have VPN tunnels back to the central location, and the firewall rules have a pass quick over the VPN tunnels. On the main location I have:

    pass quick log inet from <staffsegments> to <exchangeservers> keep state

I also have:

    pass quick log inet from <exchangeservers> to <staffsegments> keep state

The firewall has approx. 21000 states and is running pretty well overall. The traffic is listed as pass, but yet the connections are not working from any location. This system is basically a carbon copy of another location that works perfectly with Exchange, and the system worked 100% when behind Checkpoint, with no changes to the servers to move them behind BSD. I have looked over the tcpdumps and I didn't see any blocks. From within the same location, on the staff segment off of this same firewall, it works fine. I would be using the same rules as the remote branches, so it makes me think it's something with the tunnels, but I'm not really sure at this point. Any direction would be great.

For now, I had to back out and put junkpoint, I mean Checkpoint, in place.

Thanks,
James