CheckPoint DMZ Problem

Nokia IP330 box running CheckPoint R55.

Have been running this for some time, with 3 web servers in the DMZ, which all operate without problem.

Now I want to add another server to the DMZ, but am having problems.

I can ping on the DMZ network to and from the new server, but the new server cannot access the internet.

If I give it the same IP as a working DMZ server, then it accesses the net fine, so I know it's not a server config issue.

I have checked and re-checked the firewall config to check that the new server's IP is allowed to connect to the internet, and it is part of the same rules as the other (working) server.

Is there something somewhere I am missing to limit the IPs in the DMZ that can talk 'out'?

I didn't set the DMZ up, so am not too clear on what's what.

Reply to
K

Is NAT set up for the new server object?

Reply to
chris

No, NAT is not set up for any of the server objects.

Reply to
K

So these servers are configured with live IP addresses then and not RFC1918 addresses?

Chris.

Reply to
chris

The servers have private addresses on the 192.168.x.x range and there is a translation table entry to translate the public address to the private one.

Reply to
K

So NAT is set up then. Did you set up a manual proxy ARP entry using Voyager? If you did not set up NAT on the server node object and you did not configure the object to use Hide NAT, you must set up a proxy ARP entry manually.

If you set up NAT on the server node object, then the proxy ARP entry is set up automatically.

Ray

Reply to
JJ
