Trying to connect to Old IP addresses

[lanceja]

I have a Symantec 6.5.2 Enterprise Firewall. Every once in a while I get the following message:

nbdgram[80609410]: access denied for XXXXXXXXX.cfrcharlotte.com to 100.100.100.11 [default rule] [no rules found]

XXXXXX = name of computer.

We changed our IP addresses from the 100 network to a 10 network over a year ago. I am getting this notice from numerous computers. (computers that were on the network before the change and computers that were setup after the change)

I have checked with Symantec and of course it is a Microsoft problem. And the last thing I am going to do is spend $300 to ask Microsoft a question that the answer will be it is a Symantec problem.

If anyone has an idea where this is coming from it would be greatly appreciated.

Thanks
Jeff Lance

 

[rene1000]

it might be a wrong static route in your firewall. you can try to remove the wrong route(s) or reinstall your firewall (including the OS). you can view the routes with the "route print" command at the command prompt.

 

[lanceja]

I will check this again but I have looked at the route print on both my firewall and my Primary and Backup Domain controller. There was nothing there the last time I looked. I have looked at Registry settings on everything also. The firewall itself is a new computer that was built about a year after the IP address change.

Thanks for the suggestion.

 

[ansellrk]

I have a similar problem... I am creating a rule to allow me full access out through the firewall (Symantec 7.0) but when I try and use http, or ping or ftp (all of which I have enabled from my IP address to Universe*) I get the error...

http[xxxxxxxxxx]: access denied for XXX.XXX.XXX.XXX to cleveland.test.com [default rule][no rules found]

I HAVE created a rule..! and saved the configuration... HELP!! please

Thx

Rob

 

[billhome]

lanceja,

What you are seeing is not a firewall problem. Requests are coming in from internal machines for that address. No doubt in your changing the clients there is still reference to the old address. I would take on of the hosts that is generating this error message and go through it's network settings.

ansellrk,

I would verify that you created the rule correctly. Make sure you have interfaces specified on the rule.

 

[captnstiles]

net bios datagram is a windows issue not RAPTOR.Are you running WINS, DHCP, DNS, LMHOSTS? If not look at the host file on RAPTOR then look at the host files on the clients. You will find a reference somewhere leading to the response you are recieving.

 

[ansellrk]

Hello all,

We have found that we have a 'bug' with our version. What is actually happening is that everytime you make a change, although the configuration file is updated the firewall does not implement the change. Symantec are looking at this for us, but in the meantime they have suggested that we reinstall the firewall from scratch again. This particular installation had been upgraded from 6.5.1 to 7.

 

[lanceja]

captnstiles,
I have looked at the hosts files, the lmhosts files and even did a search in the registry of the computers plus on my Domain controller. My Domain controller is also the DHCP and WINS server.

There is nothing that shows the old IP addresses. For now I am not worried about it beyond it just adds messages to the firewall logs.

Thanks for the help.

 

[ansellrk]

Hello again all,

Rebuilding the firewall from scratch fixed the problem... Great!