Anyone Familiar with Checkpoint Firewall 1 V4.1?

20 August 2001 | 12:50 AM  #1
vmax (Thread Starter)

If you have... would you mind giving me a bit of advice?

I have come across FW1 for the first time. I have always used Cisco PIX or Watchguard but never FW1. Should be the same principle methinks... Just different GUI and syntax.

I'm trying to transition over to a new ISP. Therefore new ISP-assigned IP addresses and NAT objects.

I obtain the new FW1 license from Checkpoint tied to the new external IP address. Change the IP address on the NIC and modify all objects which contain old external addresses with new ones, i.e. Network Objects, Host objects and (internal LAN uses private addresses) NAT objects etc. (after copying the /conf file for backup. This is running on a Windows NT box by the way... I know... I know)

Anyway, change all the objects and the rules are still in place. Assumption is that the rules will now operate with the changes to the objects. Give the box a restart... No Internet connectivity to/from the LAN.

Do an 'fw stop' and I can see the world outside only on the firewall (nothing in the internal LAN because no NAT is taking place).

I check gateways, DNS, installation of rules, IP forwarding on the NICs, route print on the firewall, access filters on new ISP router and I just can't figure it out.

In the end I give up and restore the /conf file and restore the old external ISP address and everything starts working again using the old ISP...

What have I missed? I thought all that was needed was to add a new license and modify the objects... Have I missed something?

Appreciate it if you could help me out guys. Give me some clues to this puzzle.

Cheers

20 August 2001 | 08:31 AM  #2
dowser

Have you edited the proxy.arp file to answer for the new NATs on the external interface?

And updated the routing tables ('route print' from cmd prompt) telling calls to the new external NATs should be routed to the internal interface?

Oh, and if you're running anti-spoof protection (you should be), you'll need to add the new NATs on this config too, otherwise it'll think it's a spoof.
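
The three items in the reply above (proxy ARP entries, routes for the NAT addresses, anti-spoofing) can be cross-checked against the static NAT list before cutting over to the new ISP. This is an added example, not part of the thread and not Check Point code; the addresses, the two-column ARP file layout, the host-route next hops and the data structures are all constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation/private ranges, not from the thread).
STATIC_NATS = {            # new external NAT address -> internal host
    "203.0.113.10": "10.0.0.10",
    "203.0.113.11": "10.0.0.11",
    "203.0.113.12": "10.0.0.12",
}
# Assumed proxy-ARP file layout: one "<NAT IP> <external NIC MAC>" pair per line.
ARP_FILE_TEXT = """\
203.0.113.10 00-00-5E-00-53-01
198.51.100.10 00-00-5E-00-53-01
"""
# Assumed host routes on the firewall: NAT address -> next hop (internal host).
HOST_ROUTES = {"203.0.113.10": "10.0.0.10", "203.0.113.11": "10.0.0.99"}
# Assumed set of networks the anti-spoofing config accepts for the NATed hosts.
ANTISPOOF_VALID = {"10.0.0.0/24", "203.0.113.10/32", "203.0.113.11/32"}


def parse_arp(text):
    """Return {ip: mac} from the assumed two-column proxy-ARP file."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            entries[str(ipaddress.ip_address(parts[0]))] = parts[1].upper()
    return entries


def audit(nats, arp_text, routes, antispoof):
    """List (ip, problem) pairs for each check named in the reply."""
    arp = parse_arp(arp_text)
    valid = [ipaddress.ip_network(n) for n in antispoof]
    findings = []
    for nat_ip, inside in sorted(nats.items()):
        if nat_ip not in arp:
            findings.append((nat_ip, "no proxy ARP entry"))
        if routes.get(nat_ip) != inside:
            findings.append((nat_ip, "host route missing or wrong next hop"))
        if not any(ipaddress.ip_address(nat_ip) in n for n in valid):
            findings.append((nat_ip, "not in anti-spoof valid addresses"))
    # Entries left over from the old ISP no longer match any NAT object.
    for ip in sorted(set(arp) - set(nats)):
        findings.append((ip, "stale proxy ARP entry"))
    return findings


if __name__ == "__main__":
    for ip, problem in audit(STATIC_NATS, ARP_FILE_TEXT, HOST_ROUTES, ANTISPOOF_VALID):
        print(f"{ip}: {problem}")
```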

24 August 2001 | 08:53 PM  #3
vmax (Thread Starter)

dowser

Thanks for that tip mate... I forgot about the arp file. local.arp

I will set up the arp file.


top web site..