Firewall Wizards mailing list archives

Re: Help!

From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Mon, 19 Jul 1999 11:24:17 -0700

   I am a CheckPoint firewall-1 user, the software version is 3.0b,
and Operation System is Solaris 2.5.1,on which I have a 250 user license.
Behind the firewall, I have several C class networks connected with cisco
routers,but total nodes behind the firewall are less than 250.
   I have got this kind of messages many times,can anybody tell me why?
and how can I solve this problem?

   Jul 2 09:57:22 firewall unix:,202.96.182.34
   Jul 2 09:57:22 firewall unix:,128.63.2.53
   ......
   ......
   Jul 2 09:57:24 firewall unix:).Contact your Firewall-1 reseller.

  The messages which surprise me most is that most of the IP address in
the messages are not in the intranet but a valid address of the Internet.


Several questions for you:

-Do you have the anti-spoofing turned on?
-Are your users prone to bringing up weird addresses
on your net?
-Do you have the external interface (the one that doesn't
count addresses) set correctly?  The version I use doesn't have
it, but... I think it's set in (default directory) /etc/fw/conf/external.if.
Can be set via fwconfig.
-Have you checked the FAQs:
http://www.phoneboy.com/fw1/
http://www.dreamwvr.com/bastions/FW1_faq.html
http://www.us.checkpoint.com/~joe/
-Have you tried the FW-1 mailing list?
http://www.checkpoint.com/services/mailing.html

Not trying to be insulting with the last couple, just trying
to provide resources you might not be familiar with.

                    Ryan

Current thread:

Help! ppp_mail (Jul 19)
- Re: Help! Brett Eldridge (Jul 19)
- <Possible follow-ups>
- Re: Help! Ryan Russell (Jul 19)