Solved

Checkpoint R65 Firewall Leased Line Configuration Issue

Posted on 2012-03-13
2
654 Views
Last Modified: 2012-08-13
I wont go into the weirdness we've had surrounding this connection until I need to but basically:

We have an UTM-1 272/274/278 box running Checkpoint R65

We have had a single ADSL line attached to the External interface for a long time now and all external facing services (Exchange, FTP, Citrix, Sharepoint etc) routed through this line.

We also had another ADSL line connected to the LAN1/Sync port which was (as stupid as it sounds) believed to be for the email but discovered that it wasnt even being used, merely configured to exist.

To ease our transition to the leased line, we were under the impression that we could swap out the redundant ADSL connection on the LAN1/Sync port and replace it with that of the newly aquired Leased Line.

We did this and configured it as we needed to, however, we are unable to get any traffic down this line - there are not even any logs for activity in SmartView Tracker.

We are able to ping the router from the Firewall so comms must exist, and we are able to tracert and ping to the first two IP's of the leased line. I wont go into details, but its on a xxx.xx.xxx.64/248 address range. Gateway is .65 (Cisco WS-C3560) and Firewall was assigned .66, with 67-70 to be assigned to the externally facing services. The router is not NAT enabled.

Internally, the routing works. If I connect my Filezilla FTP client to the external address, it connects but it going direct through the firewall and is never going outside. Externally the only addresses "pingable" are .64 and .65. .70, the IP of the FTP sire externally is configures for FTP and ICMP requests but returns nothing.

Any ideas?
0
Comment
Question by:ultra-it
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Accepted Solution

by:
grimkin earned 500 total points
ID: 37719079
Hi,

Could you confirm:

* if you attach your laptop and give it the .66 address, everything works
* if you attach the firewall to the line with the ext interface set to .66 then no traffic goes down the line but you can ping the upstream router from the firewall
* you have a default route on the firewall pointing to .65

Thnx

G
0
 

Author Comment

by:ultra-it
ID: 37829546
Apologies for lack of reply on this one.

It turned out we everything was working fine, but because of the two lines configured as they were, the ping and service requests were going down one line and back through the other.

never thought to use it, but using ISP redundancy resolved the issue.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SharePoint Designer 2010 has tools and commands to do everything that can be done with web parts in the browser, and then some – except uploading a web part straight into a page that is edited in SPD. So, can it be done? Scenario For a recent pr…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question