RE: Disable ICMP redirects

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Toby (Toby_at_discussions.microsoft.com)
Date: 08/18/04 

Date: Wed, 18 Aug 2004 10:17:03 -0700

What it sound like you need to do to have the firewall only see the server is
set-up ISA server, install a 2nd network card, and completly redo the network
set-up, that way all internet requests would be processed through the server.
 Right now the server is redirecting the clients to the firewall because (I
assume.) that the server's gateway is the ip for the firewall, (10.0.0.250).
Quite honestly it would be easier and less time consuming to buy the licenses
for the firewall.

"Steven Laverty" wrote:

> I have 20 users connecting to a sbs 2003 (10.0.0.1) server
> as their default gateway. The SERVER's default gateway is
> (unfortunately) on the same lan, this is a sonicwall
> (10.0.0.250).
>
> The sonic is complaining that all its 10 lan licenses are
> used up and only about 10 users can access the internet.
> So it seems to me that the sbs server is doing icmp
> redirects for the lan clients saying "look, next time you
> wanna go to the internet go to the sonic directly" and
> thus it uses up a license needlessly.
>
> I want it so that the sonic only sees one lan client and
> that is the SBS server, without redesigning the lan
> (either physically or via subnetting) as we have a vpn
> setup that works using this design and cannot change the
> setup.
>
> I presume the SBS is doing the redirects. There is a reg
> fix for this ie KB293626 but I tried both versions and
> neither worked.
>
> Has anyone got any ideas ? Cannot afford the additional
> sonic licenses. Sonic suggest telling the firewall to have
> a rule only allow access from SBS but that will probably
> kill off all internet access . . . . will try asd a last
> resort.
>
> Regards,
>
> Steve
>

Relevant Pages

  • Re: CEICW fails at firewall config
    ... Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS server? ... Do you have 2 NICs in the SBS? ... CEICW fails on firewall configuration every time. ... >>> Call to Creating the protected networks access rule returned ok. ...
    (microsoft.public.windows.server.sbs)
  • Re: SMTP will not connect
    ... This webserver is outside of my office LAN. ... I have no idea how to see what's in the firewall, ... The server allows email sending and it receives emails. ... > That doesn't mean Exchange isn't being a mail server. ...
    (microsoft.public.exchange2000.admin)
  • Re: Recycler security issues on IIS server
    ... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Security, Distributed firewalling application...long ;-)
    ... > redirected to internal IP space DMZ server running web-apps ... Do note that that's a lot of services to offer inside the LAN (instead ... firewall configuration, can be used to 'persuade' it to). ... Running an IDS on the local network. ...
    (Focus-Linux)
  • Re: Dual NIC Default Gateway Configuration
    ... This firewall opens ports for e-mail, ... The workstations on the LAN, ... The Windows 2003 SBS in question serves multiple ... mail server will bind to that IP address and that IP ...
    (microsoft.public.windows.server.sbs)