CheckPoint FireWall1 NG routing between cards

[paulcottingham]

Folks,
Im trying to get my firewall to route traffic between interfaces, i dont seem to be able to do this although if i tell the rule to use NAT it works fine. The address internally is valid and it can ping the ip address of the external interface but no further. Any thoughts


Cheers,

Paul

[mmelby]

I have a checkpoint FW. I need to know a little more about your configuration. What interfaces do you have set up? What rules do you have created? Do you have your gateway configured in your IP setup? Do you have ICMP turned off? Have you turned on full logging? What do the logs indicate?

Any additional info would help.

[paulcottingham]

mmelby,
The firewall has 2 IP interfaces, there are two rules allowing traffic to and from machines inside with full logging and no protocol restrictions (for testing) from inside you can ping the internal interface of the firewall and the external interface but no further. ICMP is allowed in the policy properties so that is not an issue. from outside you can ping both interfaces of the firewall but no further through. if i enable NAT for one machine object and allow it to use the firewall gateway IP address this works fine from inside so i think i am missing a routing rule somewhere. the FW1 software is running on Checkpoint Secure Server (FP2)

Paul

[haguec]

you also might want to try a static route

[iNViCTuS]

Originally posted here by haguec
you also might want to try a static route

Definately....add a static (default) route on your firewall.

[mmelby]

I am not familiar with Checkpoint Secure Server. Does it run on NT or W2k. If it does then yes you need to add a static route in the OS not in FW1.