FW-1 Unable to ping some internal hosts

[wilsons935]

I have a FW-1 FR3 system running on W2K split into three segments (Int , Ext and DMZ)

I have a rule allowing icmp - requests from any DMZ to any internal hosts with logging.

The strange thing is I am only able to ping "some" internal hosts. On others I get a request time out. The internal servers exists and I can ping them from the firewall usinf the internal segment and they exist on the same subnet as the servers that reply.

The log file shows the ping is accepted and the log file shows the same for an internal host that sucessfully replies and one that Times out.

Can anyone shed any light on this. I have checked for hidden rules, overridding rules, set log on for all rules checked NAT config for anything strange and looked at the routing table for strange routes relating to the non replying hosts but nothing seems to explain why some Internal hosts reply and some do not.

Many thanks

 

[ChrisAC]

Sounds like the hosts that don't reply don't have a default gateway set *or* have NAT rules applied to them.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

 

[wilsons935]

Thanks Chris,

Upon further investigation at least two of the machines that do not reply are an old Netware server and a Unix box both of which don't have or need default routes applied to them in their role.

I will look into this further but looks like you are on the right track.

Many thanks