Checkpoint R65 Firewall Leased Line Configuration Issue
Posted on 2012-03-13
I wont go into the weirdness we've had surrounding this connection until I need to but basically:
We have an UTM-1 272/274/278 box running Checkpoint R65
We have had a single ADSL line attached to the External interface for a long time now and all external facing services (Exchange, FTP, Citrix, Sharepoint etc) routed through this line.
We also had another ADSL line connected to the LAN1/Sync port which was (as stupid as it sounds) believed to be for the email but discovered that it wasnt even being used, merely configured to exist.
To ease our transition to the leased line, we were under the impression that we could swap out the redundant ADSL connection on the LAN1/Sync port and replace it with that of the newly aquired Leased Line.
We did this and configured it as we needed to, however, we are unable to get any traffic down this line - there are not even any logs for activity in SmartView Tracker.
We are able to ping the router from the Firewall so comms must exist, and we are able to tracert and ping to the first two IP's of the leased line. I wont go into details, but its on a xxx.xx.xxx.64/248 address range. Gateway is .65 (Cisco WS-C3560) and Firewall was assigned .66, with 67-70 to be assigned to the externally facing services. The router is not NAT enabled.
Internally, the routing works. If I connect my Filezilla FTP client to the external address, it connects but it going direct through the firewall and is never going outside. Externally the only addresses "pingable" are .64 and .65. .70, the IP of the FTP sire externally is configures for FTP and ICMP requests but returns nothing.