CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1, 2007-03-01, walcat_0
R62 and VLANs in Solaris 10

Hi,

I have two FWs in my lab; both are Solaris 10 and both have VLANs configured on them:

$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
bge0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 192.168.10.57 netmask ffffff00 broadcast 192.168.10.255
bge1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
        inet 192.168.100.57 netmask ffffff00 broadcast 192.168.100.255
bge86001: flags=201100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4,CoS> mtu 1500 index 4
        inet 192.168.86.57 netmask ffffff00 broadcast 192.168.86.255
bge88001: flags=201100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4,CoS> mtu 1500 index 5
        inet 192.168.88.57 netmask ffffff00 broadcast 192.168.88.255


The same is on the other FW, except the IPs are .56; both FWs run R62.

I am pinging from one FW to another. From 192.168.100 I can ping either interface (.57 can ping .56 and vice versa); however, there is no connectivity on the other VLANs 86 & 88. When I try to ping another VLAN, all I see is FW1 (.57) accept the ping, but the destination FW doesn't record the packet coming in. When pinging on the 192.168.100 subnet I see an accept on both FWs.

The rulebase is ANY ANY Accept, with Accept outgoing packets enabled in the global policy and log implied rules also enabled.

When I unload the rulebase I can ping all VLANs, so the VLANs work and the connecting switch is also configured correctly. There are no drops recorded in Tracker, no anti-spoofing, no SmartDefense. The topologies on both FWs are defined correctly and were obtained with a get interfaces with topology.

Any ideas? I am going mad trying to work this out and I'm sure it is something stupid I am overlooking.

Thanks in advance.

#2, 2007-03-04, dfwboiler
Re: R62 and VLANs in Solaris 10

Can't say I've run into this before...
but did you do an fw monitor?
maybe a fw ctl zdebug drop |grep ipaddress

#3, 2007-03-05, walcat_0
Re: R62 and VLANs in Solaris 10

Hi,

Thanks for the advice.

I have finally figured out what the problem was.

I was running R62 on Solaris 10 with the Performance Pack option installed; apparently this does not support VLANs. With the Performance Pack uninstalled I tried again and it worked fine.

Thanks for the help