Why can’t I ping through the firewall?
ping is an Internet Control Message Protocol (ICMP) message type, not a TCP message type. ICMP
message types are not allowed to run through the firewall. A tunnel can be created to pass ICMP, but
this is not recommended. Tunnel creation is described in the Eagle NT Configuration Guide.
Can I put a firewall between a Primary Domain Controller and a Backup Domain Controller, or between trusted Windows NT domains?
Yes. You do this by creating a local tunnel.
FTP and Telnet are fast, but HTTP is slow. Why?
There are various reasons for this problem. First, make sure you have the latest version of the
software and all the latest patches. Then determine whether there is a reverse DNS lookup problem (HTTP is one
of a few TCP/IP applications that do a reverse DNS lookup). Many HTTP servers perform a reverse
DNS lookup to log the TCP host name that is requesting a connection.
Can I mount a share to the Web server outside the firewall?
Yes. See the filter descriptions in the Eagle NT Configuration Guide.
Can I put a Web server inside the firewall?
Yes, but the internal address for the Web server must be advertised outside the firewall, or you must
use a virtual address.
Troubleshooting Techniques
Do the following to troubleshoot the configuration and operation of the firewall:
- Consult the support section of Raptor’s Web site at www.raptor.com.
- If connecting to an outside Web server (for example, www.intergraph.com) does not work from
  an inside client, try connecting by its IP address. If the IP address works, it is probably a DNS
  problem. If the IP address does not work, check the firewall logfile. If there is no entry for the
  attempted connection, there is a routing problem. If there is a log entry, there is not a valid
  allow rule. Create an allow rule as described in the Configuration Guide.
- Try pinging an outside Web server (for example, www.intergraph.com) from the firewall. If
  this does not work, but pinging by address works, there is most likely a problem on the
  internal DNS server; you’ve configured a dual-zone DNS (described in the Eagle NT Configuration
  Guide). The query from the firewall should go to the internal DNS server. (Remember that, for
  Eagle NT to resolve internal DNS names, it must query the internal server.)
  Since the internal DNS server will not find an entry for the outside Web server, it will forward
  the request back to the DNS server on the firewall. The firewall then queries a root server.
  When the firewall receives the response, it forwards it back to the internal DNS server, which
  then sends the results back to the firewall.
- Always make sure you have the correct version of software and all the latest patches.
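The name-versus-address checks from the list above, written as a script to run from an inside client. This is an added example, not part of the guide; the function names, the port 80 default and the operator-supplied log check are assumptions, since the guide does not describe the logfile format.

```python
import socket
import sys

def tcp_connect(target, port, timeout=5.0):
    """Return True if a TCP connection to target:port succeeds."""
    try:
        with socket.create_connection((target, port), timeout=timeout):
            return True
    except OSError:  # covers DNS failure, refusal and timeout
        return False

def resolve(name):
    """Return an IPv4 address for name, or None if the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def triage(name, known_ip, log_has_entry, port=80,
           resolver=resolve, connector=tcp_connect):
    """Apply the guide's checks for a client that cannot reach an outside Web server.

    known_ip is the server's address obtained out of band.
    log_has_entry is a callable that returns True when the firewall logfile
    shows the attempted connection (the operator reads the log).
    """
    if connector(name, port):
        return "ok"
    if connector(known_ip, port):
        # Name fails but address works: the guide calls this a DNS problem.
        answer = resolver(name)
        detail = "no answer" if answer is None else f"resolved to {answer}"
        return f"dns problem ({detail})"
    # Address fails too: the firewall logfile decides between the last two cases.
    if log_has_entry():
        return "no valid allow rule"
    return "routing problem"

if __name__ == "__main__":
    # Usage: script.py <host name> <known IP address>
    def seen():
        return input("Log entry for the attempt? [y/n] ").lower().startswith("y")
    print(triage(sys.argv[1], sys.argv[2], seen))
```

A "dns problem" result that still reports a resolved address means the name resolves to something other than the address that works, which points at a stale or wrong record rather than an unreachable DNS server.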
Summary of Contents for InterServe Firewall
Page 1: ...InterServe Firewall Quick Start Guide January 1998 DSA077920...