 | ||
 Strange? | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-12-20 | |||
| |||
 Strange? We have setup a IP260 with Check Point VPN-1 Pro/Express NGX R61. All I need to do open port 80 to the external address of the web server. Should be easy.....Nat etc all done I can ping the external address I can Remote desktop to the server but I can't open the web page..... Tracker displays no drops FW monitor shows no http connects but shows the ICMPs Tcpdump does the same as Fw monitor... I'm lost what’s going on? cheers Dan  |
| 2006-12-20 | |||
| |||
| Re: Strange? Danielpb, ok so we've established you can access the IPSO through http on the internal interface therefore could be 1 of 2 things:- 1. HTTP -> EXT INT is being dropped by the rulebase. You say Tracker shows no drops but are you logging all rules? Could always test this by putting a test rule at the top of your rulebase to explicitly allow HTTP from desired source to the ext interface. or 2. Perhaps your routings a bit screwed up. Have you checked your default gateways / static routes / NAT rule? This could explain why the traffic isn't showing up in the logs? Joncon |
| 2006-12-20 | |||
| |||
| Re: Strange? Hi Joncon, Thanks for your reply.... first I better mention this device is managed externally. I can Voyager on to the external interface with HTTPS. Http is being dropped to an external IP of a web server behind the firewall which is Natted by a separate public IP. Correct the Tracker show no drop/reject/smart defense nothing on HTTP to this device but does with ICMP and Remote desktop. - and they work. My next step was to contact the ISP and double check all routing...I have checked static routes and it has the default hop setup correctly. This is why i'm scratching my head ...very strange goings on's Cheers Dan |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
