Please find the attached network setup. We can connect to the server from the Internet FW, but not from the Internal FW. After troubleshooting, it turned out that the traffic from the Internal FW to the server goes to the server directly without passing through the Internet FW. When the traffic passes back from the server, it goes to the Internet FW first, and since there is no session in the FW, the traffic is denied. In the routing table of the firewall, it shows:
"C 172.16.24.0 255.255.255.0 is directly connected, DMZ"
I want the traffic to the server to reach the Internet FW first, so I added
"route dmz 172.16.24.22 255.255.255.255 172.16.24.3".
But the testing is still not successful. Does somebody have a solution for it?
By the way, before I added this route, the deny message was:
"2 Jun 03 2008 00:29:58 106001 172.16.24.22 172.16.3.50 Inbound TCP connection denied from 172.16.24.22/443 to 172.16.3.50/1507 flags SYN ACK on interface inside"
After I added this route, I got another error message:
"2 Jun 03 2008 00:29:58 106001 172.16.24.22 172.16.3.50 Inbound TCP connection denied from 172.16.24.22/443 to 172.16.3.50/1507 flags SYN on interface inside"
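Added example, not part of the original post: a small Python triage script for the 106001 deny lines quoted above. It flags denied SYN ACK segments, which is what a firewall logs when it sees a reply for a connection whose opening SYN never passed through it, as in the asymmetric path described in the post. The function names and verdict labels are assumptions of this example; the first two sample lines are the post's own log lines and the third is constructed.

```python
import re

# Body of a 106001 message in the form quoted in the post.
DENY_106001 = re.compile(
    r"106001 .*?Inbound TCP connection denied from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<ifc>\S+)"
)

def classify(line):
    """Return (verdict, fields) for a 106001 line, or None for anything else."""
    m = DENY_106001.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    flags = set(fields["flags"].split())
    if {"SYN", "ACK"} <= flags:
        # Reply segment with no session: the firewall never saw the SYN.
        verdict = "reply-without-session"
    elif flags == {"SYN"}:
        # Connection-opening segment that was not permitted on this interface.
        verdict = "new-connection-denied"
    else:
        verdict = "other"
    return verdict, fields

def asymmetric_suspects(lines):
    """Collect (server, server_port, client) for every denied SYN ACK."""
    suspects = set()
    for line in lines:
        result = classify(line)
        if result and result[0] == "reply-without-session":
            f = result[1]
            suspects.add((f["src"], int(f["sport"]), f["dst"]))
    return suspects

SAMPLE = [
    # The two lines quoted in the post.
    "2 Jun 03 2008 00:29:58 106001 172.16.24.22 172.16.3.50 Inbound TCP connection denied from 172.16.24.22/443 to 172.16.3.50/1507 flags SYN ACK on interface inside",
    "2 Jun 03 2008 00:29:58 106001 172.16.24.22 172.16.3.50 Inbound TCP connection denied from 172.16.24.22/443 to 172.16.3.50/1507 flags SYN on interface inside",
    # Constructed line with a different message id; it must be ignored.
    "6 Jun 03 2008 00:30:01 302013 Built outbound TCP connection (constructed sample)",
]

if __name__ == "__main__":
    for server, port, client in sorted(asymmetric_suspects(SAMPLE)):
        print(f"reply from {server}:{port} to {client} had no session on the firewall")
```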