Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Checkpoint R65 Firewall Leased Line Configuration Issue

Posted on 2012-03-13
2
Medium Priority
?
671 Views
Last Modified: 2012-08-13
I wont go into the weirdness we've had surrounding this connection until I need to but basically:

We have an UTM-1 272/274/278 box running Checkpoint R65

We have had a single ADSL line attached to the External interface for a long time now and all external facing services (Exchange, FTP, Citrix, Sharepoint etc) routed through this line.

We also had another ADSL line connected to the LAN1/Sync port which was (as stupid as it sounds) believed to be for the email but discovered that it wasnt even being used, merely configured to exist.

To ease our transition to the leased line, we were under the impression that we could swap out the redundant ADSL connection on the LAN1/Sync port and replace it with that of the newly aquired Leased Line.

We did this and configured it as we needed to, however, we are unable to get any traffic down this line - there are not even any logs for activity in SmartView Tracker.

We are able to ping the router from the Firewall so comms must exist, and we are able to tracert and ping to the first two IP's of the leased line. I wont go into details, but its on a xxx.xx.xxx.64/248 address range. Gateway is .65 (Cisco WS-C3560) and Firewall was assigned .66, with 67-70 to be assigned to the externally facing services. The router is not NAT enabled.

Internally, the routing works. If I connect my Filezilla FTP client to the external address, it connects but it going direct through the firewall and is never going outside. Externally the only addresses "pingable" are .64 and .65. .70, the IP of the FTP sire externally is configures for FTP and ICMP requests but returns nothing.

Any ideas?
0
Comment
Question by:ultra-it
2 Comments
 
LVL 14

Accepted Solution

by:
grimkin earned 1500 total points
ID: 37719079
Hi,

Could you confirm:

* if you attach your laptop and give it the .66 address, everything works
* if you attach the firewall to the line with the ext interface set to .66 then no traffic goes down the line but you can ping the upstream router from the firewall
* you have a default route on the firewall pointing to .65

Thnx

G
0
 

Author Comment

by:ultra-it
ID: 37829546
Apologies for lack of reply on this one.

It turned out we everything was working fine, but because of the two lines configured as they were, the ping and service requests were going down one line and back through the other.

never thought to use it, but using ISP redundancy resolved the issue.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Note:  There are two main ways to deploy InfoPath forms:  Server-side and directly through the SharePoint site.  Deploying a server-side InfoPath form means the form is approved by the Administrator, thus allowing greater functionality in the form. …
Microsoft SharePoint Foundation 2010 and Microsoft SharePoint Server 2010 do not offer the option to configure the location of the SharePoint diagnostic trace log files during installation.  This can, however, be configured through Central Administr…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Integration Management Part 2
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question