PIX 515E and Symantec FW

[dasa123]

Dear all,
we have installed a PIX 515 Ver. 6.3 behind our enterprise wide FW from Symantec.
To explain our problem let' take this example:
We are allowing HTTP access only for hosts from our own company LAN.
Therefore any HTTP request from OUTSIDE is rejected as we can see it in our log.
That' fine BUT 2 or 3 minutes later the same request from the same outside client is
accepted because we see at the OUTSIDE interface now the IP address of our Symantec
FW which we trust.
Very strange!
Is there any explanation why this happens?

THX for your help!
Rainer B.

 

[ChrisAC]

Why put a Pix behind the Symantec firewall? What are you trying to achieve?

It sounds like the Symantec is port forwarding the request somehow.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

 

[dasa123]

Thx, Chris!
It's a management decision to a have our own departement PIX.
Concerning the "port forwarding" scheme:
Why do we see at the 1st attempt from OUTSITE the correct
client IP and after 2-3 minutes the Symantec IP address as
the source for the HTTP request?

Rainer

 

[ChrisAC]

You would have to look on the Symantec firewall to answer that question.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************