[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Exchange Services dropped by rule 0
check ure antispoofing... -----Original Message----- From: Mark Holman To: 'Andy David'; '[email protected]' Sent: 9/21/00 6:00 PM Subject: RE: [FW1] Exchange Services dropped by rule 0 It is set to Inbound. -----Original Message----- From: Andy David [mailto:[email protected]] Sent: Thursday, September 21, 2000 5:35 AM To: '[email protected]' Subject: RE: [FW1] Exchange Services dropped by rule 0 Do you have your interface direction set to inbound, outbound or eitherbound? Andy David J. Muller International / Egis, Inc. -----Original Message----- From: Mark Holman [mailto:[email protected]] Sent: Wednesday, September 20, 2000 11:17 PM To: '[email protected]' Subject: RE: [FW1] Exchange Services dropped by rule 0 I have disabled anti-spoofing on all three interfaces and I still get the entries in the log. The only router is the one set up by our Internet provider, but even if the latter is the case and anti-spoofing is disabled it should not matter how the router is configured. Thanks -----Original Message----- From: Wayne Graves To: 'Mark Holman' Sent: 9/20/00 8:09 PM Subject: RE: [FW1] Exchange Services dropped by rule 0 Is spoofing turned off ? Rule zero are the internal rules Check the interface this is failing on and make sure either spoofing is off or that the target address in in the list. The one other thing that can do this is if you are going thru a router and the route to the destination is either undefined (with default back to the firewall) or otherwise pointed back to the firewall (this assumes spoofing on and correct). In this case the packet goes out fine but gets bounced off the router and when it comes back the firewall decides it's a spoof since it thinks it's coming from the firewall. Any of that make sense? Rule 0's are implicit rules, I can't think of anything but spoofing that would be doing this but you can see more of what's going on then I. Good Luck Wayne -----Original Message----- From: Mark Holman [mailto:[email protected]] Sent: Wednesday, September 20, 2000 2:43 PM To: '[email protected]' Subject: [FW1] Exchange Services dropped by rule 0 Let me try this again without the tabs, so it is legible. We have one FW with a localnet and a DMZ behind the FW with Exchange server sitting in the DMZ. I have set up the Directory Service and Information Store used by Exchange and Outlook clients to use two specific high numbered ports called DirStore and InfStore.. Everything appears to be working okay, but the log is filling up with the following entries that are being blocked by rule 0. With Valid IP meaning the Valid IP assigned to the NIC on the external interface of the FW and Random Ports are just that - the ports vary between each log entry. Origin Valid IP Service Exchange_DirSer Source Local PC Destination Exchange Srv Proto tcp Rule 0 S_Port random ports And many combinations of the above all dropped by rule 0. All with Origin "Valid IP" Again, all appears to be working okay, but the log will fill up in minutes. Any insight would be appreciated. ======================================================================== ======== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ======================================================================== ======== ======================================================================== ==== ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ======================================================================== ==== ==== ======================================================================== ==== ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ======================================================================== ==== ==== ======================================================================== ======== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ======================================================================== ======== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|