Checkpoint Firewall - weird issue

[andy1971]

Hello,

Has anyone ran into this problem? I'm running NGAI R54 in a cluster on Nokia IP530 with VRRP. Currently having a problem with one particular user. He is unable to access our webpages even though I'm seeing traffic passing through the firewall.

He is able to trace route to the websites and nslookup resolves normally. Proxy arps on both Nokia boxes are correct as well the internet router.

However, when I placed another device outside of the firewall he has no problem connecting to it.

Does anyone have any suggestions? Any help is much appreciated.

Thanks in advance.

 

[rn4it]

Found the problem, It seem that the switch we use in our DMZ has a arp table which doesn't clear out aged mac/IP addresses. So what was happening was this table would fill and when the server would attempt to find who is x.x.x.x IP address there wouldn't be a reply since the switch didn't have it in it's arp table. To correct it I had to set an aging timer on the table from 0 to 5minutes. Since then we haven't had any issues.

thanks