Solved

Problem about CheckPoint 4.1

Posted on 2006-06-21
4
319 Views
Last Modified: 2013-11-16
Recently, I need to add a router in our system. Thus the following changes are required.

Old Configuration: hme0: IP - 10.12.2.10, netmask - 255.255.255.252,
                                hme1: IP - 10.12.4.126, netmask - 255.255.255.128

Old Path: public network --> CheckPoint FW 4.1 --> local network 

New Configuration: hme0: IP - 10.12.2.10, netmask - 255.255.255.252,
                                hme1: IP - 10.12.4.253, netmask - 255.255.255.192

New Path: public network--> CheckPoint FW 4.1 --> 3Com Netbuilder II router --> our computer control system
I've updated 
/etc/hosts & /etc/netmasks files to change the IP adress.
the corresponding network objects. The file under /var/opt/CPfw1-41/database/objects.C has been updated.

However, after implementing the mentioned changes, in checking the FW log, the are many messages rejected as rule 0.
 
Action -- Reject
Service -- 6218/6200
Protocol -- TCP
Rule -- 0
S_Port --  >1024
Info -- SYNDefender Warning: SYN --> SYN-Ack --> Time out
 
As my current license key was registered last year with IP 10.12.2.10 (this IP will not be changed), I think I don't need to re-install the license key again. Am I right? Do I need to install the license key again?

Do you know the cause of the message being rejected? Is there any special setting required if the FW is being connected to a 3Com Netbuilder II router directly?
Please advise. Thanks a lot.

0
Comment
Question by:cplau
  • 3
4 Comments
 
LVL 5

Expert Comment

by:dbardbar
ID: 16958110
The license is not the issue here.

The SYNDefender is saying that it got a SYN packet, it responded with SYN-ACK packet, but no ACK packet was receieved from the client to complete the first side of the 3-way handshake. This is basicly a SYN attack.

If you are seeing this only for these two specific ports 6218/6200, then it might be some sort of trojan, trying to scan the network. But, it isn't clear why the scanner is not responding to the SYN/ACK packet sent by the FW-1.
It might have been a routing/antispoofing issue, but then the problem would appear for all sorts of ports, not just 6218 and 6200.


Have you changed the IP of the Firewall-1 object, or is it still 10.12.2.10?
Did you make the necassry changes in the Anti-Spoofing? Did you define hme1 as "Other" and put in a group of internal networks?
Do you have any connectivinty problems, apart from the SYNDefender logs?


If the messages about SYNDefender are annoying, you can turn off the logging.

And, BTW, why are you using 4.1? The current versions offers a lot more in terms of security stability and usability.
0
 

Author Comment

by:cplau
ID: 16958235
Dear dbardbar,

Before doing the mentioned changes, I do not observe these SYNDefender messages being dropped. Apart from these SYNDefender logs, my network is having a connectivity problem.

Further, I 've already udpated the Firewall-1 Object, at the intreface pages:

I changed the setting of hme1 as follows:

Old settings:
Net Address: 10.12.4.0
Network Masks: 255.255.255.128

New settings:
Net Address: 10.12.4.253
Network Masks: 255.255.255.192

Is this setting correct? I don't know why the old setting 10.12.4.0 was being used before.
Or do I need to keep the Net Address as 10.12.4.0?

In addition, there are many TIME OUT messages dropped. Do you think it is related to the speed of the network? something like full duplex, half duplex connections.

0
 
LVL 5

Accepted Solution

by:
dbardbar earned 250 total points
ID: 16958368
Your network settings don't sound quite right.

In the interfaces page, you should write the IPs of the interfaces, as they appear in ifconfig on the machine.

In the antispoofing of each interfaces you should do the following:
Create 2 network objects - 10.12.4.192/255.255.255.192 and also the network representing your local network (the one behing the 3com router).
Create a group, and put in these two network objects inside the group.

On hme0 - Choose "Other"
On hme1 - Choose "Specific", and then choose the group object which you have created.

Also, have you correctly changed the routing on the Firewall-1 machine? The FW-1 machine needs to know to route traffic to the internal network (behind the 3com router) via the router's IP.
0
 
LVL 5

Expert Comment

by:dbardbar
ID: 17006934
Does it work correctly now?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VPN client software 7 50
sftp access 4 52
Questions on windows ports 13 79
Windows Server Firewall Configuration 2 45
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question