checkpoint can not ping

[go6]

Hi
I have NG FP2 installed on sun box with solaris 8. it has 6 interfaces:
172.16.10.253/24 e0 to LAN
192.168.10.253/24 e1 to heartbeat for stonebeat
12.x.x.253/24 qfe0 to WAN
10.1.2.253/24 qfe1 to inside network
10.1.3.253/255.255.255.240 qfe2 to PTZ
10.1.4.253/24 qfe3 to DMZ

After I installed FP2 and i can't ping to the firewall box from other machines in the same subnet as 172.16.10.0 and 10.1.2.0. But i can ping from sun box to other machines on the same subnet. As i can't ping to the sunbox, i can't connect to it using policy editor.
When i boot the sun server, at some point before check point gets loaded, pings are successful.
I didn't install the stone beat clustering software yet.

Thanks for your help

Thanks
Pran

 

[Sudarsan]

Hi pran,

Check the rule where you have the echo group and try to put that rule at the top because it may be stopped by some other rule or implicit. check and get back....

TPS

 

[rn4it]

Hi pran,
If possible, look at your logfile, it should tell what rule your pings are being dropped on. You could filter the sun box as the destination, might make your job easier.

 

[brianpaterson]

It must be checked in your Global properties under implied rules. Check the box for accept ICMP requests.

This is not required for the policy editor as it operates over port 18190. Add your IP as a GUI client, using cpconfig locally on the box unless you have netop or suchlike installed. Ensure you have a rule to allow your IP to talk to the box and hey presto. No need for ping.

If you ping the firewall it wont respond, but you will get an ARP entry for it if there is network connectivity. Check your ARP cache. B-)
Brian, CCSE
brian@domain-integrity.com