Checkpoint Problem - Firewalls


Thread: Checkpoint Problem

  1. Checkpoint Problem

    I have a public IP mapped to two different hosts behind the firewall. One
    of these works, and the second one is not seen by the firewall log at all.
    I'm hoping someone has some ideas on possible causes.

    Let there be a public IP. The firewall rules say that some machines can
    connect to this IP on service A and another group of machines can connect on
    service B.

    The public IP is entered in the routing table to move the packet to a router
    inside that knows how to get to the two destination subnets.

    The NAT rules convert the public IP when the service is A to an IP on an
    internal host. That works. The NAT rule below it converts the public IP
    when the service is B to a different IP on an internal host. Both of
    those internal hosts are directly connected to the router that the routing
    rule sends the packet to.

    I put a sniffer on the external interface of the firewall, and I clearly see
    the incoming SYN to the public IP on the destination port for service B.
    But the firewall log shows *nothing*. No rule is ever invoked. What
    would this indicate?

    Is incoming FTP handled in some special way by Checkpoint?

    --
    Will



  2. Re: Checkpoint Problem

    Will wrote:
    : I have a public IP mapped to two different hosts behind the firewall. One
    : of these works, and the second one is not seen by the firewall log at all.
    : I'm hoping someone has some ideas on possible causes.

    : Let there be a public IP. The firewall rules say that some machines can
    : connect to this IP on service A and another group of machines can connect on
    : service B.

    What version of Checkpoint firewall is this? Have you enabled "Translate
    destination on client side"?

    More on all NAT settings here:
    http://www.checkpoint.com/services/e...ngx_sample.pdf

    Lars
