Hi there! I'm a newbie here. I installed the Check Point smart suite 15-day trial and read some basic docs. I've done a single box installation, initialized my CA, created my security policy, and made a rule.
I have a simple network. One client PC running W2k with a static IP connected to the switch. The FW box is also running on W2k connected to the same switch. It has two NICs. One NIC has a static IP on the same subnet as the client. The other NIC is connected to DSL via an ISP-provided router. My rule is Client1-any-any-accept-log.
My problem is, I cannot connect to the internet from Client1 when it is OK from the FW box. Upon checking the tracker, ICMP traffic from Client1 to the internal NIC of the FW box is accepted. Other traffic from Client1 did not reflect on the FW tracker. Well, except for nbname and nbdatagram, two items which I had no idea what they are for, until I did a Google on them.
What am I missing here? I bet it's a lot since this is my first try with FW-1. Any replies will be highly appreciated. Thanks!
Your static IPs: are they RFC 1918 addresses? If so, is the firewall configured for NAT?
Also, has your client got the correct DNS settings for web access, as your firewall will be assigned these on the DSL side of things from your ISP.
If you can do a tracert from the client to, say, 217.23.224.239 (www.lan-uk.derwentside.net, my site) and get there, but cannot browse, then it's likely to be a DNS issue, if you have pc any any allow log as your rule.
If you can't tracert to that IP address (or at least onto the internet, even if it fails somewhere on the net), then check you have IP forwarding enabled on your firewall. There is a registry entry required on Win2k (NT has a tick box). If you search on support.microsoft.com under Windows 2000 for IP FORWARDING, this will give you the results you require.