[fw-wiz]: unable to ping behind the firewall

From: Hilal Hussein (hilalma_at_hotmail.com)
Date: 12/08/03

    To: firewall-wizards@honor.icsalabs.com
    Date: Mon, 08 Dec 2003 11:10:29 +0000

    Hello list,
    I have a problem, and would like to take your comment, feedback, and
    guidelines about how to resolve it.
    I have a network with the following setup: ISP router connected directly to
    a 3Com 16-port switch in our network, and this switch is connected directly
    to a Cisco PIX firewall.
    So, we are getting internet access through the firewall, then the switch, then the
    ISP router ...

    From our network, we can browse the internet, telnet, MSN, chatting, but I
    CAN'T ping any
    internet host (like Yahoo or CNN), and also some users can't access
    internet web-based BANK LOGIN ACCOUNTS like https, and maybe other internet
    Notice that:

    1 - All outbound TCP & UDP ports, including the 443/TCP (outbound) port, are
    open on the firewall.

    2 - Our internet PCs are mostly WinXP Professional, only a few are Windows
    98, and all are security patched, and the IP addresses belong to the private

    3 - Our network has been infected, and is still infected, by a virus that is
    using one of the
    PCs to generate lots of ARP traffic, which is affecting the whole network.

    4 - My firewall is not blocking ICMP, as:
    - conduit permit icmp any any
    - outbound permit x.x.x.x. x.x.x.x (internal network) icmp

    I already consulted the ISP; they did not block the ICMP request/response
    packets. Even other customers connected to the same ISP router are
    able to ping, but we can't.

    Also, I am unable to even ping the IP address of the ISP's router!

    I would like to know if this is causing the unavailability of the ping and https
    services? In other words, does flooding (if it is flooding) the ARP table of
    the firewall cause this problem?
    Supposing that it is not because of the firewall, could it be because of the
    switch?

    Moreover, I am using the Kiwi Syslog Daemon software to audit the logs of the
    PIX firewall, but it is not showing anything on the screen, as it is saying
    "unable to open UDP socket on port 514".
    And I am running Kiwi on a WinXP PC.
    Please tell me, is this issue related to the above-mentioned issue or what?
    If not, how do I resolve it, knowing that I installed Fport and it showed me
    that the UDP port is already used by the system, with no service name mentioned.

    I hope you are not confused by this bunch of issues; maybe they are related,
    maybe not, but all I want to say is that it all happened at once, and I am not
    able to figure out what the resolution steps could be.

    Thanks for any future input, and I really appreciate coming out with a

    With regards,

