James Mackinnon wrote:
> This is a second issue that I had today with my final BSD firewall
> rollout in my main center.
>
> This issue was with Exchange.
>
> All branches have VPN tunnels back to the central location, and the
> firewall rules have a pass quick over the VPN tunnels.
>
> On the main location I have a
>
> pass quick log inet from <staffsegments> to <exchangeservers> keep state
>
> I also have a
>
> pass quick log inet from <exchangeservers> to <staffsegments> keep state
>
> The firewall has approx. 21000 states and is running pretty well
> overall.
>
> The traffic is listed as pass, but yet the connections are not
> working from any location.
>
> This system is basically a carbon copy of another location that works
> perfectly with Exchange, and the system worked 100% when behind
> Checkpoint, with no changes to the servers to move them behind BSD.
>
> I have looked over the tcpdumps and I didn't see any blocks.
>
> From within the same location, on the Staffsegment off of this same
> firewall, it works fine. I would be using the same rules as the remote
> branches, so it makes me think it's something with the tunnels, but I'm not
> really sure at this point.
>
> Any direction would be great. For now, I had to back out and put
> junkpoint, I mean Checkpoint, in place.
Without dumps, I'm not sure what to think, but if you are using VPNs, you might want to look into possible MTU/MSS issues.
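The MTU/MSS clamp the reply points at, written out as an added example; it is not from either poster. It assumes the firewall is pf (the pass quick / keep state / table syntax in the quoted rules is pf's), that the tunnel traffic crosses an interface named by the $vpn_if macro (enc0 is a placeholder), and that the table contents and the 1380 MSS value are placeholders to be replaced with the real segments and a value derived from the measured path MTU.

```pf
# Added example, not part of the original thread. Every name, address and
# number here is a placeholder: enc0, the table contents and 1380 are
# assumptions, not values taken from the posts.
vpn_if = "enc0"

table <staffsegments>   { 10.10.0.0/16, 10.20.0.0/16 }
table <exchangeservers> { 10.1.5.10, 10.1.5.11 }

# Older pf syntax (OpenBSD before 4.6 and FreeBSD pf of that era).
# max-mss rewrites the TCP MSS option in SYNs crossing the tunnel, so neither
# end ever sends a segment larger than the tunnel can carry. Without it the
# SYN/ACK and small packets pass (the firewall logs them as passed) while
# full-size segments with DF set are silently lost if the ICMP
# "fragmentation needed" messages never make it back to the sender.
scrub in  on $vpn_if all max-mss 1380
scrub out on $vpn_if all max-mss 1380

# Newer pf syntax (OpenBSD 4.6 and later): the same clamp as match rules.
# match in  on $vpn_if all scrub (max-mss 1380)
# match out on $vpn_if all scrub (max-mss 1380)

# The pass rules from the post, unchanged; scrub/match is applied before them.
pass quick log inet from <staffsegments> to <exchangeservers> keep state
pass quick log inet from <exchangeservers> to <staffsegments> keep state
```

To pick the number rather than guess it, send DF-marked pings of decreasing size across the tunnel from one of the Exchange servers' segment to a branch host (on OpenBSD and FreeBSD, ping -D -s <payload> <host>; the IPv4 packet is payload + 28 bytes) and note the largest size that gets a reply. MSS for IPv4 TCP is that packet size minus 40 (20-byte IP header plus 20-byte TCP header), so a 1420-byte path gives max-mss 1380. While testing, tcpdump -ni $vpn_if icmp will show any "unreachable - need to frag" messages; if none appear while large pings fail, the ICMP is being filtered somewhere on the path and the clamp is the only fix that does not depend on other people's firewalls.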