Afternoon all,
I wondered if any of you could cast your eye over this.
We have, at the moment, 4 firewalls.
We'll call them 01-04 for the purposes of this.
01 is being retired and has had all server-based traffic moved to 03, and is in the process of having all client traffic moved to 02.
04 is based on a different product to the other three and provides a site-to-site link to another site.
The problem I have is with the remote site.
As most servers use 03 as their gateway, they can't get any traffic back from servers that use 03, but if I set the same servers to use 04, it works fine.
What I want is a nice, simple way of cleaning this all up.
My options that I can think of:
- Retire 03 as well and move all servers to 04 (however, losing an extra layer of auth that 03 offers (it's TMG-based)).
- Find a way to get the site-to-site working with TMG on 03.
- Have only 'Core' servers point at 04, with the remainder looking at 03.
- Give up, go home.
Ideally I'd like to keep it as-is, as it's an ideal way of doing it in my eyes; however, according to an MS knowledge base article, the lack of routing from 02/03 to 04 is a known issue and can't be resolved: http://support.microsoft.com/kb/888042/en-us
The traffic error off 02/03 logs as "A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer."
Any thoughts?
Thanks in advance.

##EDIT##
Just noticed, if I set the gateway to 01, which is 6 years old now... everything works fine! lol. Gotta laugh!