Checkpoint R65 Firewall Leased Line Configuration Issue

I wont go into the weirdness we've had surrounding this connection until I need to but basically:

We have an UTM-1 272/274/278 box running Checkpoint R65

We have had a single ADSL line attached to the External interface for a long time now and all external facing services (Exchange, FTP, Citrix, Sharepoint etc) routed through this line.

We also had another ADSL line connected to the LAN1/Sync port which was (as stupid as it sounds) believed to be for the email but discovered that it wasnt even being used, merely configured to exist.

To ease our transition to the leased line, we were under the impression that we could swap out the redundant ADSL connection on the LAN1/Sync port and replace it with that of the newly aquired Leased Line.

We did this and configured it as we needed to, however, we are unable to get any traffic down this line - there are not even any logs for activity in SmartView Tracker.

We are able to ping the router from the Firewall so comms must exist, and we are able to tracert and ping to the first two IP's of the leased line. I wont go into details, but its on a xxx.xx.xxx.64/248 address range. Gateway is .65 (Cisco WS-C3560) and Firewall was assigned .66, with 67-70 to be assigned to the externally facing services. The router is not NAT enabled.

Internally, the routing works. If I connect my Filezilla FTP client to the external address, it connects but it going direct through the firewall and is never going outside. Externally the only addresses "pingable" are .64 and .65. .70, the IP of the FTP sire externally is configures for FTP and ICMP requests but returns nothing.

Any ideas?
ultra-itAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

grimkinCommented:
Hi,

Could you confirm:

* if you attach your laptop and give it the .66 address, everything works
* if you attach the firewall to the line with the ext interface set to .66 then no traffic goes down the line but you can ping the upstream router from the firewall
* you have a default route on the firewall pointing to .65

Thnx

G

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ultra-itAuthor Commented:
Apologies for lack of reply on this one.

It turned out we everything was working fine, but because of the two lines configured as they were, the ping and service requests were going down one line and back through the other.

never thought to use it, but using ISP redundancy resolved the issue.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.