[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Strange web problem
I also had a similar problem when I added a newly defined network
object.
Turns out that I forgot to setup the NAT properties for that network (I
choose "Hide", then the IP).
Once I filled it in (correctly), some sites that were doing exactly
what you described (timeout) worked.
I guess it helps when you setup things correctly <grin>
Good Luck -- Chris
--- NOCSEC - Operations NdrsNet <operations@ndrsnet.com> wrote:
>
> We are using fw1 3.0b www.oracle.com works fine for
> us. sounds like a bad rule. as a side note this is
> with NAT enabled.
> I successfully navigated the oracle site. Hope
> this narrows your trouble shooting strategies.
>
> Regards
>
> Bill
>
> -----Original Message-----
> From: sysfrog@ca.ibm.com [SMTP:sysfrog@ca.ibm.com]
> Sent: Sunday, April 25, 1999 3:19 PM
> To: Joe Albanese
> Cc: fw-1-mailinglist@lists.us.checkpoint.com
> Subject: Re: [FW1] Strange web problem
>
>
> The way Checkpoint works, if you send a request to
> Server A and Server B
> answers, Checkpoint will not allow the connection as
> it was expecting a
> response from Server A.
>
> The IBM firewall will allow the TCP/ACK in from any
> Server.
>
> The above might be your problem
>
> Regards.....Elliot
>
>
> "Joe Albanese" <joea@ohioonline.net> on 04/23/99
> 12:20:15 PM
>
> Please respond to "Joe Albanese"
> <joea@ohioonline.net>
>
> To: fw-1-mailinglist@lists.us.checkpoint.com
> cc: (bcc: Elliot Spiegel/Markham/IBM)
> Subject: [FW1] Strange web problem
>
>
>
>
>
>
> We're using checkpoint v4.0 on a solaris box. For
> the most
> part we're able to surf to any web site. However,
> there are a few web
> sites
> that we can't get to. For example, www.oracle.com,
> www.winzip.com. The
> browser
> simply times out. We have an IBM firewall on the
> same network that has no
> problems getting to the sites.
> I can't even get to the sites when I'm directly on
> the firewall. Our rules
> are
> applied inbound only, so there's no way a filter
> could be the problem.
> Plus I
> don't see any drops in the logs. Furthermore we do
> have some network
> connectivity to those sites. My snoop traces show
> that there is initial
> communication both ways. For some reason the
> connection is dropped after
> about
> the 4th packet exchange.
>
> Any help would be greatly appreciated.
>
> thanks,
> Joe
>
>
>
>
>
===========================================================================
> =====
> To unsubscribe from this mailing list, please
> see the instructions at
>
> http://www.checkpoint.com/services/mailing.html
>
===========================================================================
> =====
>
>
>
>
>
>
>
================================================================================
> To unsubscribe from this mailing list, please
> see the instructions at
>
> http://www.checkpoint.com/services/mailing.html
>
================================================================================
>
>
>
================================================================================
> To unsubscribe from this mailing list, please
> see the instructions at
>
> http://www.checkpoint.com/services/mailing.html
>
================================================================================
>
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================