[FW1] FW1 V4, Citrix, Tuxedo and Netbackup

I have FW1 version 4 (SP2) running on Solaris 2.6 (105181-12). The
firewall has three legs: network A is public, network D is a quasi
DMZ populated with NT Citrix servers and network C is the private
segment, home to Solaris servers running a database application, and
using 10.X.X.X addressing. NAT happens on the firewall.

I have several problems at the moment:

Every time we reload the rule base, all the Citrix sessions get cut
off. For every minor change, we need a formal network outage, which
is a real pain (and is costing me sleep!).

The Citrix servers open Tuxedo sessions to the Unix servers in the C
network using their translated addresses. Then they try to continue
the conversation on the Unix server's private (10.X.X.X) addresses.
Does anyone know if Tuxedo includes the server's IP address in the
packet freight, or have any other ideas about what might be causing
this?

Netbackup's documentation states that it uses three ports (13720,
13721, and 13782), but it turns out that it also uses ports in the
range 512-1024 as well. I had thought that if I created two TCP
services, one >512 and one <1024, this would compile to a range
512-1024. However, when I look at the .pf file, the service_list is
{<0, 65535>}, which I think means all ports. I've obviously
misunderstood this completely, so I'm hoping that someone can put me
on the right track.

Back connections (notably back connections from ssh) seem to fail
sometimes (I see drops in the logs), although the users are not seeing
a problem.

TIA

Melodie Neal