RE: [FW1] Nated machines can't access Internet



Understood. But that's where planning comes into place. Ask your
ISP to reset the ARP cache, after you install the new
NIC. Beats having the router down for a few minutes.

To each their own...

Thanks Steven.

Robert

>>> Steven Zimmerman <[email protected]> 02/19/01 04:10PM >>>
>Only if you have access to the router.  There are a lot of Internet access
>companies that do not allow you access to the router....
>
>Steven Zimmerman
>CIO
>IR Network Solutions
>
> -----Original Message-----
>From: 	Robert MacDonald [mailto:[email protected]] 
>Sent:	Monday, February 19, 2001 3:50 PM
>To:	[email protected]; [email protected] 
>Cc:	[email protected] 
>Subject:	RE: [FW1] Nated machines can't access Internet
>
>
>Steven,
>
>Wouldn't running 'clear arp-cache' on the router be much
>faster?
>
>Robert
>
>- -
>Robert P. MacDonald
>Global Infrastructure Group, Haworth, Inc.
>Voice:
>email: [email protected]
>
>>>> Steven Zimmerman <[email protected]> 02/19/01 10:09AM >>>
>>
>>First thing I would do is reboot your ISP router after putting the new
>>firewall in place.  The ISP router will have the MAC address of your old
>>server cached (default is 3 hours on Cisco) and it will try to send all
>>packets to that old MAC.
>>
>> -----Original Message-----
>>From: 	CryptoTech [mailto:[email protected]] 
>>
>>Annette,
>>Since this is an upgrade on a separate server, a few questions come to mind.
>>Have you removed the old config so that the new setup will be the proper
>>default route for internal hosts?
>>Validation of proper published MAC addresses is a plus.
>>Check the network properties TCPIP ->routing table to enable ip
>>forwarding/routing.
>>
>>HTH,
>>CryptoTech
>>
>>Annette Tenney wrote:
>>
>>> Am running FW-1 ver. 4.0. Upgrade planned on different server. Have
>>> installed NT on new machine and imported the rulebase and configuration
>>> files from the old machine which is currently in use. Have modified the
>>> route table on the new machine to match the old machine. Have created the
>>> local.arp file. Checked in the configuration GUI that the external interface
>>> was pointing to the correct card. On the firewall network object did a get
>>> for the interfaces which succeeded. Installed the policies.
>>>
>>> Have new machine on test network with DNS. Have not tried the upgrade yet.
>>> Firewall can get name resolution, can ping machines on internal network and
>>> DMZ by both true IP address and nated address. Internal machines with nated
>>> address can not get name resolution (DNS acting as machine outside
>>> firewall), machines internal with hidden address can get resolution. Machine
>>> on DMZ, with nated address can not get resolution. External machine can not
>>> get to web server on DMZ. Have disabled all rules in rule base and added
>>> rule any any any allow. Pseudo rules set to allow anything. Turned off IP
>>> address spoofing.
>>>
>>> What have I missed?
>>>
>>> Thanks for your help.



