Vista/Windows 7 computers can't get out with new SSG5 firewall

jams · 11-06-2009

I was previously using a Netscreen 5GT and was having hardware issues so we got a new SSG 5 (screen os 6.1 R2) to replace it. It is set up in Transparent mode with the same basic policies as the previous firewall.

After it was put in place my Vista and Windows 7 machines cannot connec to the network. They get their DHCP info and can ping and view web servers within the subnet but as soon as you try to ping out or view anything outside the subnet they die. Vista and Windows 7 both give an unidentifiable network or no network connectivity error.

XP machines work perfectly fine.

The firewall is set up to all everything outbound on any port from V1-Trust and I've even set up policies to allow everything inbound on V1-Untrust on any port to a couple of the windows 7 boxes just to rule out any errors. Still no connection.

Anyone seen this or know what is different with Vista/WIndows 7?

arizvi · 10-21-2008

Hi,

Please compare the IP address and it gateway on XP and Vista , you may find some clue of the issue.

You can also run the ethereal or wireshark when sending the ping packet , it will show all arp and Ip info from sender and reciveer.

ALso , youfind the clue of the issue by colectting data on the firewall and paste the output :

) set ff src-ip x.x.x.x dst-ip y.y.y.y

2) set ff src-ip y.y.y.y dst-ip x.x.x.x

3) debug flow basic

4) clear db

Now run the SSH or telnet test

5) Press "ESC" to turn off the debug

6) get db stream ( it will give the output of the buffer

Vista/Windows 7 computers can't get out with new SSG5 firewall

Re: Vista/Windows 7 computers can't get out with new SSG5 firewall