?
Solved

can't ping dmz zone ip through checkpoint firewall

Posted on 2001-09-18
7
Medium Priority
?
961 Views
Last Modified: 2013-11-16
we have a  checkpoint firewall 4.0 running in nt 4.0 ,

and we divid three zone in firewall so dmz , internal ,

and internet external zone . From internet , people can

ping the real ip and access the web server which in dmz ,

but in internal zone , we can't . we have check our

internal zone 's ip have all permission to access anywhere

through the firewall .HOw can we ping and access the real

ip which is in dmz zone .

0
Comment
Question by:adragon218
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 56

Expert Comment

by:andyalder
ID: 6490103
Are you trying to ping the servers in the DMZ by name or by IP address? If it works OK by address then probably you will have to put hosts files on all the local PCs or have an internal DNS server.
0
 
LVL 2

Expert Comment

by:bsadlick
ID: 6490226
Can you give us a detailed IP map?

You say that you can't ping, but can you do anything else? Could it be that you need routes set up on the firewall?
0
 
LVL 4

Expert Comment

by:jwalsh88
ID: 6490266
you should list a map here of how things are layed out and also post the rule base.  That would make it very easy.  Without them everyone will just be making guesses.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 2

Expert Comment

by:scott_renton
ID: 6490929
Check your rules, and make sure that ICMP packets are passed from the DMZ BACK to your internal network.
0
 
LVL 17

Accepted Solution

by:
mikecr earned 120 total points
ID: 6492145
You should have a rule on your filewall with the source being your network and the destination being either the box in the DMZ that your trying to reach or that whole address range of whatever is in the DMZ. Review your rules carefully and make sure your cleanup rule is not dropping everything.
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6872502
ADMINISTRATION WILL BE CONTACTING YOU SHORTLY.  Moderators Computer101 or Netminder will return to finalize these if still open in seven days.  Please post closing recommendations before that time.

Question(s) below appears to have been abandoned. Your options are:
 
1. Accept a Comment As Answer (use the button next to the Expert's name).
2. Close the question if the information was not useful to you. You must tell the participants why you wish to do this, and allow for Expert response.
3. Ask Community Support to help split points between participating experts, or just comment here with details and we'll respond with the process.
4. Delete the question. Again, please comment to advise the other participants why you wish to do this.

For special handling needs, please post a zero point question in the link below and include the question QID/link(s) that it regards.
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt
 
Please click the Help Desk link on the left for Member Guidelines, Member Agreement and the Question/Answer process.  http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp

Please click you Member Profile to view your question history and keep them all current with updates as the collaboration effort continues, to track all your open and locked questions at this site.  If you are an EE Pro user, use the Power Search option to find them.

To view your open questions, please click the following link(s) and keep them all current with updates.
http://www.experts-exchange.com/questions/Q.20066320.html
http://www.experts-exchange.com/questions/Q.20077437.html
http://www.experts-exchange.com/questions/Q.20077440.html
http://www.experts-exchange.com/questions/Q.20090027.html
http://www.experts-exchange.com/questions/Q.20100231.html
http://www.experts-exchange.com/questions/Q.20114643.html
http://www.experts-exchange.com/questions/Q.20120132.html
http://www.experts-exchange.com/questions/Q.20071195.html
http://www.experts-exchange.com/questions/Q.20149689.html
http://www.experts-exchange.com/questions/Q.20162087.html
http://www.experts-exchange.com/questions/Q.20164390.html
http://www.experts-exchange.com/questions/Q.20169921.html
http://www.experts-exchange.com/questions/Q.20184141.html
http://www.experts-exchange.com/questions/Q.20235450.html
http://www.experts-exchange.com/questions/Q.20236629.html
http://www.experts-exchange.com/questions/Q.20241715.html
http://www.experts-exchange.com/questions/Q.20242281.html
http://www.experts-exchange.com/questions/Q.20251302.html
http://www.experts-exchange.com/questions/Q.20230721.html
http://www.experts-exchange.com/questions/Q.20258985.html
http://www.experts-exchange.com/questions/Q.20263165.html


To view your locked questions, please click the following link(s) and evaluate the proposed answer.
http://www.experts-exchange.com/questions/Q.20094421.html
http://www.experts-exchange.com/questions/Q.20237806.html
http://www.experts-exchange.com/questions/Q.20254761.html
http://www.experts-exchange.com/questions/Q.20254818.html

PLEASE DO NOT AWARD THE POINTS TO ME.  
 
------------>  EXPERTS:  Please leave any comments regarding your closing recommendations if this item remains inactive another seven (7) days.  Also, if you are interested in the cleanup effort, please click this link http://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=commspt&qid=20274643
 
Thank you everyone.
 
Moondancer
Moderator @ Experts Exchange

P.S.  For any year 2000 questions, special attention is needed to ensure the first correct response is awarded, since they are not in the comment date order, but rather in Member ID order.
0
 
LVL 5

Expert Comment

by:Netminder
ID: 6967589
Admin notified of User neglect. Force-accepted by
Netminder
CS Moderator
0

Featured Post

Get MySQL database support online, now!

At Percona’s web store you can order your MySQL database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month13 days, 13 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question