| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| Hi, I'm new to Check Point. pc1 ip: 192.168.1.1; fw1 ip1: 192.168.1.254; fw1 ip2: 192.168.2.254; fw2 ip2: 192.168.2.253; fw2 ip1: 192.168.3.254; pc2 ip: 192.168.3.1; pc1 <-> fw1 <-> fw2 <-> pc2. I can't ping & traceroute from pc1 to pc2 and vice versa. Why? I already created a static route in fw1 & fw2. Any suggestions? Thx |
| |||
| OK, what platform is this running on, so that we can get an idea of how to add possible stuff? Are we correct in understanding that the routing is correct in as much as PC1 uses fw1 as its default gateway and fw1 uses fw2 as its? Also that PC2 uses fw2 as its DG and fw2 uses fw1 as its? What are you seeing in SmartView Tracker regarding ICMP? Does your security policy even allow ICMP through the firewall? |
| |||
| Hi, well, the whole issue is with the gateway setting in the systems as well as the default gateway in the firewall. It's not a very complex network; if some routers and switches are there in between, then better clear their ARP. If you want some more help, just let me know the system IP settings. I hope it's not a big issue. Regards, Ranjit |
| |||
| Hi, fw1 & fw2: Check Point NGR65 SecurePlatform; policy: any any accept; no NAT; fw1 ip1: 192.168.1.254; fw1 ip2: 192.168.2.254; static route: route 192.168.3.0/24 via 192.168.2.253; default gw: 192.168.1.254; fw2 ip2: 192.168.2.253; fw2 ip1: 192.168.3.254; static route: route 192.168.1.0/24 via 192.168.2.254; default gw: 192.168.3.254; pc1 ip: 192.168.1.1, gw: 192.168.1.254; pc2 ip: 192.168.3.1, gw: 192.168.3.254; pc1 <-> fw1 <-> fw2 <-> pc2. Thx |
| |||
| I presume when you say that the DG is the interface of the firewall that you are talking about the DG for the PC rather than the DG for the firewall. Looking at it, however, the routing is not the issue; the issue is that your policy does not allow ICMP through. ICMP does not match the Any on an accept rule. You either need to specify that ICMP is allowed through or enable it under Global Properties on the Policy menu. Whilst Any means Any on a drop, it does not mean so on an Accept rule. Hence the Match for 'Any' under the advanced section for service definitions. |
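
An added example, not part of the original thread: a Python check that replays the posted addresses and routes through a longest-prefix-match lookup, to confirm the pc1 to pc2 path resolves in both directions and to list devices whose gateway is one of their own addresses. The /24 interface masks and the grouping of each "default gw" under the firewall it follows are assumptions; it models routing only, not the firewall rule base.

```python
import ipaddress as ip

# Constructed from the values posted in the thread (masks assumed to be /24;
# each firewall's default gw taken as the one listed after its static route).
DEVICES = {
    "pc1": {"ifs": ["192.168.1.1/24"], "routes": {"0.0.0.0/0": "192.168.1.254"}},
    "fw1": {"ifs": ["192.168.1.254/24", "192.168.2.254/24"],
            "routes": {"192.168.3.0/24": "192.168.2.253",
                       "0.0.0.0/0": "192.168.1.254"}},
    "fw2": {"ifs": ["192.168.2.253/24", "192.168.3.254/24"],
            "routes": {"192.168.1.0/24": "192.168.2.254",
                       "0.0.0.0/0": "192.168.3.254"}},
    "pc2": {"ifs": ["192.168.3.1/24"], "routes": {"0.0.0.0/0": "192.168.3.254"}},
}

def owner(addr):
    """Name of the device that has addr on one of its interfaces, or None."""
    for name, dev in DEVICES.items():
        if any(str(ip.ip_interface(i).ip) == addr for i in dev["ifs"]):
            return name
    return None

def next_hop(dev, dst):
    """Longest-prefix match over connected networks and static routes."""
    dst = ip.ip_address(dst)
    table = [(ip.ip_interface(i).network, None) for i in DEVICES[dev]["ifs"]]
    table += [(ip.ip_network(n), gw) for n, gw in DEVICES[dev]["routes"].items()]
    hits = [(net.prefixlen, gw) for net, gw in table if dst in net]
    if not hits:
        return None
    _, gw = max(hits, key=lambda h: h[0])
    return str(dst) if gw is None else gw  # connected network: deliver directly

def trace(src, dst, max_hops=8):
    """Device names a packet from src visits on its way to the dst address."""
    path, dev = [src], src
    while owner(dst) != dev:
        hop = next_hop(dev, dst)
        nxt = owner(hop) if hop else None
        if nxt is None or nxt == dev or len(path) > max_hops:
            return path + ["unreachable"]  # no route, self-referencing gw, or loop
        path.append(nxt)
        dev = nxt
    return path

def self_gateways():
    """Devices with a route whose gateway is one of their own addresses."""
    return sorted(n for n, d in DEVICES.items()
                  if any(owner(gw) == n for gw in d["routes"].values()))

if __name__ == "__main__":
    print(trace("pc1", "192.168.3.1"), trace("pc2", "192.168.1.1"), self_gateways())
```

The specific /24 static routes win over the default routes, so the self-referencing default gateways on the firewalls do not affect traffic between the three listed subnets.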