Update: Checkpoint Blocking Solaris

Andrew_Rotramel_at_cch-lis.com
Date: 07/30/04

    To: sunmanagers@sunmanagers.org
    Date: Fri, 30 Jul 2004 11:54:27 -0500
    
    

    Thanks for the many, many responses. The main thing that is clear is that I
    did not describe the problem well enough.

    1. DNS seems to work, meaning nslookup works. I get compatible info whether
    I do nslookup domain or nslookup IP. I can browse to the addresses I get
    from the DNS server.

    2. I had no trouble browsing by name before the security folks installed
    the Checkpoint firewall.

    3. The DNS servers are inside the Checkpoint firewall.

    4. There are Windows boxes, mostly Win2000, on the same subnet, using the
    same DNS server, and they have no problem at all.

    5. I do not have a proxy server configured in my browser.

    6. My /etc/resolv.conf and nsswitch.conf files are configured correctly.

    7. I have done some nslookup searches on names that I don't think would be
    in the DNS server cache, namely the domains that many of the initial
    responses came from, and I get non-authoritative resolution on them all.
    That tells me that the DNS server is probably getting beyond the Checkpoint
    firewall.

    8. traceroute and ping are both disabled at our routers.

    One bit of summary I will do now is say that no one has ever heard of this
    sort of problem with Checkpoint.

    Andrew_Rotramel@cch-lis.com@sunmanagers.org on 07/29/2004 04:59:11 PM

    Sent by: sunmanagers-bounces@sunmanagers.org

    To: sunmanagers@sunmanagers.org
    cc:

    Subject: Checkpoint Blocking Solaris

    I have already checked the archive and Google.

    My security folks installed a Checkpoint firewall on Nokia hardware this
    weekend, and now my desktop Solaris 9 box can no longer get to URLs on the
    other side of that firewall. It can, however, get to IP addresses on the
    other side of the firewall. This means that I can't browse to www.sun.com,
    or ftp to ftp.sun.com, but I can browse to 209.249.116.195 or ftp to
    192.18.99.146. Unfortunately, most web sites don't work that way. My
    security folks seem to have no idea how to fix this, but one of them
    thought there was a Checkpoint glitch involving Solaris boxes. So, anyone
    solve this one?

    Andrew Rotramel
    _______________________________________________
    sunmanagers mailing list
    sunmanagers@sunmanagers.org
     http://www.sunmanagers.org/mailman/listinfo/sunmanagers