Members Login
Username 
 
Password 
    Remember Me  
FireWall-1 Gurus Forum -> FireWall-1 Gurus Forum -> Help Needed - Checkpoint Secureplateform-routing
Post Info TOPIC: Help Needed - Checkpoint Secureplateform-routing
suze2002


Status: Offline
Posts: 1
Date:
Help Needed - Checkpoint Secureplateform-routing
Permalink  

Dear All

We have 3 nic's on the firewall system. ETH0 on external interface and ETH1 on local lan interface and ETH2 on DMZ.After installed checkpoint secure platform R55 the routing is not working. ie. the packet is not able to routing to external interface from local lan segment. If someone clarrify this issue , then it was greatful help for me.

Thanks

Suresh CCSA

__________________
nox


Status: Offline
Posts: 9
Date:
RE: Help Needed - Checkpoint Secureplateform-routi
Permalink  

There would be several things I would look into here:

Do you have any static routes for this interface?

Do you have any rules allowing traffic between the interfaces?

What are the anti-spoofing configuration set for these interfaces? --- First thing I would look into

Most times when I came accross this issue it was due to antispoofing, so I would start there

Hope it Helps
Neil


__________________
RoxcoR Technologies www.pheusion.com Security / Cryptography / Application development
ccseng2002


Status: Offline
Posts: 84
Date:
RE: Help Needed - Checkpoint Secureplateform-routing
Permalink  

I would go one step further.


On the firewall, do "fw unloadlocal" to see if routing


works.  If it does, then the FW policy is the problem.


Otherwise, you need to get routing work properly. 


One exception, if you have NAT, "fw unloadlocal"


will kill it.


 



__________________
ccseng2002


Status: Offline
Posts: 84
Date:
Permalink  

One other thing I forgot to point out, who is controlling the routing (i.e. IP forwarding) ?  Your OS or Checkpoint? 


You may want to use "fw ctl" command to find out and set ip_forwarding to always.



__________________
ccseng2002


Status: Offline
Posts: 84
Date:
Permalink  

my mistake.  it should be: fw ctl ip_forwarding never



__________________
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.
FireWall-1 Gurus Forum -> FireWall-1 Gurus Forum -> Help Needed - Checkpoint Secureplateform-routing
Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse 		Powered by ActiveBoard