I've recently tried to install a new Firewall for my organization.
I launched into the upgrade because the existing Firewall has had some corruption and can no longer be managed. The existing Firewall is Checkpoint FW-1 NG on Win2K and the new Firewall is Checkpoint NGX R65 running on Win2003 SP2.
After days of hacking the old config files to extract the object/port info and importing this into the new version, I was ready to switch over last Friday night. I did the switchover and, although everything seemed to be working, I had major communication issues. We have our own public class B network, so I don't have to concern myself with NAT.
There are four interfaces on my Firewall: Internet, DMZ, Orglink and LAN. Each interface connects to a Cisco router except for the DMZ, which connects straight to my DMZ switch. The Firewall is also my DNS server. I found I couldn't resolve any addresses because the DNS server was not able to communicate with the upstream ISP-provided DNS servers. I couldn't ping/trace to any address on the other side of any of the routers.
When I looked at a "route print" and compared it to the old Firewall there were some differences, but it looked almost identical. There were some persistent routes I had set up.
The setup looks like this:

Firewall Interface Int-->Internet Router-->internet

Firewall Interface DMZ-->DMZ Switch--->DMZ no IP

Firewall Interface LAN-->LAN Choke Router-->LAN Switch

Firewall Interface Orglink-->Orglink Router-->Orglink Network (various networks, persistent routes)

Anything that I tried to ping from the Firewall on the network resulted in a "destination network unreachable" message. Similar for internet and Orglink addresses. DMZ addresses responded to ping requests. I eventually did a "route add" for every line that was displayed in the "route print" command on the old firewall and everything started to work, but this is less than desirable. I've never had to do this kind of route addition on the old Firewall, so can anyone tell me what is wrong/changed for routing on 2003?


This baffles me.

It's like it locked down all the separate segments to protect the DMZ addresses.
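The "route add for every line of route print" step described in the post can be done mechanically and, more importantly, checked before anything is typed into the new box. The script below is an added example and is not code from the original post or from Check Point: it parses two Windows 2000/2003 style `route print` dumps, lists the routes the old firewall had that the new one lacks (ignoring loopback, multicast, broadcast and directly connected routes, which Windows creates by itself from the interface configuration), emits the matching `route -p add` commands, and flags persistent routes that are listed in the registry but never made it into the active table. Both dumps, the addresses in them (198.51.100.x, 203.0.113.x, 10.10.0.0/16, 10.20.0.0/16) and the gateway 203.0.113.254 are constructed samples, not the poster's real tables.

```python
"""Diff two Windows `route print` dumps and emit `route -p add` commands.

Added example, not from the original post. Assumes the Windows 2000/2003
`route print` layout: an "Active Routes:" table with five columns
(destination, netmask, gateway, interface, metric) and an optional
"Persistent Routes:" table with four columns (no interface column).
"""
import re

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Constructed sample: what the old Win2K firewall printed.
OLD_ROUTE_PRINT = """\
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    198.51.100.1   198.51.100.2       1
        127.0.0.0        255.0.0.0       127.0.0.1       127.0.0.1       1
     198.51.100.0    255.255.255.0    198.51.100.2   198.51.100.2       1
      203.0.113.0    255.255.255.0     203.0.113.1     203.0.113.1       1
        10.10.0.0      255.255.0.0   203.0.113.254     203.0.113.1       1
        10.20.0.0      255.255.0.0   203.0.113.254     203.0.113.1       1
Default Gateway:      198.51.100.1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
        10.10.0.0      255.255.0.0    203.0.113.254       1
        10.20.0.0      255.255.0.0    203.0.113.254       1
"""

# Constructed sample: the new Win2003 firewall after the switchover. One
# persistent route is still in the registry but was not installed.
NEW_ROUTE_PRINT = """\
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c 29 aa bb cc ...... Internet
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    198.51.100.1   198.51.100.2      10
        127.0.0.0        255.0.0.0       127.0.0.1       127.0.0.1       1
     198.51.100.0    255.255.255.0    198.51.100.2   198.51.100.2      10
      203.0.113.0    255.255.255.0     203.0.113.1     203.0.113.1      10
  255.255.255.255  255.255.255.255     203.0.113.1     203.0.113.1       1
Default Gateway:      198.51.100.1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
        10.10.0.0      255.255.0.0    203.0.113.254       1
"""


def parse_route_print(text):
    """Return {"active": {...}, "persistent": {...}} keyed by (dest, mask).

    Each value is (gateway, interface_or_None, metric). Header rows,
    "Default Gateway:" and separator lines are skipped because their first
    token is not an IPv4 address.
    """
    tables = {"active": {}, "persistent": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Active Routes"):
            section = "active"
            continue
        if line.startswith("Persistent Routes"):
            section = "persistent"
            continue
        if line.startswith("Interface List"):
            section = None
            continue
        if section is None:
            continue
        tok = line.split()
        if len(tok) not in (4, 5) or not (IPV4.match(tok[0]) and IPV4.match(tok[1])):
            continue
        if section == "active" and len(tok) == 5:
            tables["active"][(tok[0], tok[1])] = (tok[2], tok[3], int(tok[4]))
        elif section == "persistent" and len(tok) == 4:
            tables["persistent"][(tok[0], tok[1])] = (tok[2], None, int(tok[3]))
    return tables


def routes_to_readd(old, new):
    """Old active routes missing on the new box that Windows will not create
    by itself. Connected routes (gateway == interface), loopback, multicast
    and the limited broadcast come from the NIC configuration, so they are
    skipped; everything else is a candidate for `route -p add`."""
    out = []
    for (dest, mask), (gw, iface, metric) in sorted(old["active"].items()):
        if (dest, mask) in new["active"] or gw == iface:
            continue
        if dest.startswith("127.") or dest.startswith("224.") or dest == "255.255.255.255":
            continue
        out.append((dest, mask, gw, metric))
    return out


def route_add_commands(routes):
    """Render `route -p add` lines. The metric column of a 2003 `route print`
    is the effective metric (interface + route), so this is only a starting
    point and should be reviewed before use."""
    return ["route -p add %s mask %s %s metric %d" % r for r in routes]


def stale_persistent(tables):
    """Persistent routes present in the registry but absent from the active
    table: Windows refused to install them (typically because the gateway is
    not on a directly connected subnet at the time the route is added)."""
    return sorted(k for k in tables["persistent"] if k not in tables["active"])


if __name__ == "__main__":
    old, new = parse_route_print(OLD_ROUTE_PRINT), parse_route_print(NEW_ROUTE_PRINT)
    for cmd in route_add_commands(routes_to_readd(old, new)):
        print(cmd)
    for dest, mask in stale_persistent(new):
        print("persistent but not active: %s mask %s" % (dest, mask))
```

To use it on real boxes, run `route print > old.txt` on the Win2K firewall and the same on the Win2003 one, replace the two constructed strings with the file contents, and read the emitted commands before pasting them: `route -p add` only succeeds when the gateway is on a subnet of a directly connected interface, which is exactly the check the "persistent but not active" list is meant to surface.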