Solved

Issue with NAT on Checkpoint NG firewall unable to connect externally

Posted on 2006-11-06
7
706 Views
Last Modified: 2013-11-16
I'm having a strange problem with my firewall, a Checkpoint NG with Application Intelligence (R55). I have a range of four IP addresses allocated by my ISP. The first one is used for the gateway, the second is for our mail server which also runs Outlook Web Access, the third is for a DMZ and the 4th is spare. I have NAT configured to translate from the mail server (192.168.40.2) to the second IP in our range, I'll call it x.x.x.2. I did this by right clicking on the node and going to edit, then on the NAT tab I selected "Add Automatic Address Translation rules", set the method to "Static" and entered the IP, x.x.x.2. I also have a NAT entry for our internal network, 192.168.40.0, to the first IP in our range, x.x.x.1.

The problem is, for some reason the mail server can no longer access the external network. It is configured to use the fileserver as a DNS server, so for example when I ping www.google.com, it resolves the IP address but the packets fail to get through the firewall. If I disable the NAT for the mailserver, it can ping the outside world without problems. At the moment, I've disabled all of the security policies so that all traffic on all ports can get through, just to make sure it wasn't a problem with a rule. I'm completely stumped as to why this doesn't work... any insight guys? At the moment we're unable to send or receive any email externally, as we use MessageLabs to filter our email, and they are only forwarding mail to the x.x.x.2 address. I need to get this fixed asap! Thanks!
0
Comment
Question by:Jm_saunders
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 4

Expert Comment

by:LBACIS
ID: 17888657
If it is on a Nokia appliance check your voyager and make sure there is nothing NAT there.
0
 
LVL 3

Author Comment

by:Jm_saunders
ID: 17889001
It's on the SecurePlatform (SPLAT), and I've resolved the issue now.

Cheers,

James
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18059441
James, post the resolution and I can refund your points

regards

Keith
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 
LVL 3

Author Comment

by:Jm_saunders
ID: 18061049
Somebody had added a switch between the firewall and the internet, and connected a router into it... and gave the router the same IP address as my mailserver. This meant that the packets could leave the firewall from the mailserver, but they'd get returned to this router that was sitting outside my firewall. I didn't know about this until, in an act of desperation, I went and unplugged everything and connected it all up again. I just unplugged the switch and the extra router, and everything started working again properly.

Cheers,

James
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18062359
Thanks :)

I'll make the recommendation for PAQ and points refunded on my next sweep through which will be a couple of days.

Thanks
Keith
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18136455
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question