Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 673
  • Last Modified:

Checkpoint R65 Firewall Leased Line Configuration Issue

I wont go into the weirdness we've had surrounding this connection until I need to but basically:

We have an UTM-1 272/274/278 box running Checkpoint R65

We have had a single ADSL line attached to the External interface for a long time now and all external facing services (Exchange, FTP, Citrix, Sharepoint etc) routed through this line.

We also had another ADSL line connected to the LAN1/Sync port which was (as stupid as it sounds) believed to be for the email but discovered that it wasnt even being used, merely configured to exist.

To ease our transition to the leased line, we were under the impression that we could swap out the redundant ADSL connection on the LAN1/Sync port and replace it with that of the newly aquired Leased Line.

We did this and configured it as we needed to, however, we are unable to get any traffic down this line - there are not even any logs for activity in SmartView Tracker.

We are able to ping the router from the Firewall so comms must exist, and we are able to tracert and ping to the first two IP's of the leased line. I wont go into details, but its on a xxx.xx.xxx.64/248 address range. Gateway is .65 (Cisco WS-C3560) and Firewall was assigned .66, with 67-70 to be assigned to the externally facing services. The router is not NAT enabled.

Internally, the routing works. If I connect my Filezilla FTP client to the external address, it connects but it going direct through the firewall and is never going outside. Externally the only addresses "pingable" are .64 and .65. .70, the IP of the FTP sire externally is configures for FTP and ICMP requests but returns nothing.

Any ideas?
0
ultra-it
Asked:
ultra-it
1 Solution
 
grimkinCommented:
Hi,

Could you confirm:

* if you attach your laptop and give it the .66 address, everything works
* if you attach the firewall to the line with the ext interface set to .66 then no traffic goes down the line but you can ping the upstream router from the firewall
* you have a default route on the firewall pointing to .65

Thnx

G
0
 
ultra-itAuthor Commented:
Apologies for lack of reply on this one.

It turned out we everything was working fine, but because of the two lines configured as they were, the ping and service requests were going down one line and back through the other.

never thought to use it, but using ISP redundancy resolved the issue.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now