adding a network - nokia+checkpoint

adding a network - nokia+checkpoint
Secure Home | Search | About
Login Password
Register Now! Lost Password?

Networking Firewalls - Software and hardware firewalls discussions 

Bookmark this page:  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
adding a network - nokia+checkpoint Joe 04-05-2005
Posted by Joe on April 5, 2005, 1:58 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I have just installed 2 nokia ip380's in ha configuration with
checkpoint ngai r55. Everything works fine.
Because we have exhausted our currently assigned 32 ip addresses I had
to request another from our isp. They assigned me with an additional
subnet (non-contiguous).
I have configured the external cisco 1703 router with the first
address of the new range, and configured it as secondary. I beleive
the routing from the outside world to the firewall (via the cisco
router) works fine. I can ping the fw and router from each other.

My problem is that I cannot access any server that has any of the new
addresses assigned from the internet (via nat in the fw). It works ok
if I assign one of the current addresses.

I have configured each fw with an ip address from the new range (by
adding it as an additional ip to the interface). I did this with
voyager.
I then added another interface 'test1' and 'test2' in the topology of
checkpoint's fw objects and assigned the same ip address as per their
ipso config. Note that this has not been added to the cluster object,
just each of the fw objects.

I can logon to any server on any of the 5 internal networks and ping a
server that has the newly public address assigned to it, and I get a
response. But when I try and achevie this externally it times out
after hitting our external router interface.

Any ideas?


Posted by on April 6, 2005, 8:23 am
If you were  Registered and logged in, you could reply and use other advanced thread options

Joe wrote:
> I have just installed 2 nokia ip380's in ha configuration with
> checkpoint ngai r55. Everything works fine.
> Because we have exhausted our currently assigned 32 ip addresses I
had
> to request another from our isp. They assigned me with an additional
> subnet (non-contiguous).
> I have configured the external cisco 1703 router with the first
> address of the new range, and configured it as secondary. I beleive
> the routing from the outside world to the firewall (via the cisco
> router) works fine. I can ping the fw and router from each other.
>
> My problem is that I cannot access any server that has any of the new
> addresses assigned from the internet (via nat in the fw). It works ok
> if I assign one of the current addresses.
>
> I have configured each fw with an ip address from the new range (by
> adding it as an additional ip to the interface). I did this with
> voyager.
> I then added another interface 'test1' and 'test2' in the topology of
> checkpoint's fw objects and assigned the same ip address as per their
> ipso config. Note that this has not been added to the cluster object,
> just each of the fw objects.
>
> I can logon to any server on any of the 5 internal networks and ping
a
> server that has the newly public address assigned to it, and I get a
> response. But when I try and achevie this externally it times out
> after hitting our external router interface.
>
> Any ideas?



Posted by on April 6, 2005, 8:25 am
If you were  Registered and logged in, you could reply and use other advanced thread options

Joe wrote:
> I have just installed 2 nokia ip380's in ha configuration with
> checkpoint ngai r55. Everything works fine.
> Because we have exhausted our currently assigned 32 ip addresses I
had
> to request another from our isp. They assigned me with an additional
> subnet (non-contiguous).
> I have configured the external cisco 1703 router with the first
> address of the new range, and configured it as secondary. I beleive
> the routing from the outside world to the firewall (via the cisco
> router) works fine. I can ping the fw and router from each other.
>
> My problem is that I cannot access any server that has any of the new
> addresses assigned from the internet (via nat in the fw). It works ok
> if I assign one of the current addresses.
>
> I have configured each fw with an ip address from the new range (by
> adding it as an additional ip to the interface). I did this with
> voyager.
> I then added another interface 'test1' and 'test2' in the topology of
> checkpoint's fw objects and assigned the same ip address as per their
> ipso config. Note that this has not been added to the cluster object,
> just each of the fw objects.
>
> I can logon to any server on any of the 5 internal networks and ping
a
> server that has the newly public address assigned to it, and I get a
> response. But when I try and achevie this externally it times out
> after hitting our external router interface.
>
> Any ideas?



Similar ThreadsPosted
adding new ip range to fw-1 March 24, 2005, 4:18 pm
adding IP2 to IPCOP December 11, 2006, 11:46 am
Kerio 2.1.5 adding posts to block "virus flood" August 17, 2005, 7:50 pm
Firewall Tests Lower after Adding DSL Modem/Router July 25, 2006, 5:20 pm
Network topology suggestions for Win2k3 web server network March 1, 2005, 9:58 am
Network Restructuring (Network Design and Equipment) May 16, 2006, 9:35 am
Firebox 1000 - Optional network cannot communicate with trusted network via an external address NAT'd to the trusted January 23, 2006, 4:46 pm
Network browsing takes ages when one computer is declared as Internet zone on a 4-computer network July 18, 2004, 1:42 pm
PIX VPN: can't see the whole network September 5, 2005, 5:01 pm
RDP from outside network July 13, 2006, 3:51 pm

The site map in XML format XML site map

Contact Us | Privacy Policy