Firewall Wizards mailing list archives

IBM Secureway Firewall 4.1


From: mrivera () mminet com
Date: Tue, 7 Mar 2000 07:13:27 -0600



I'm pretty new to the firewall world and am having trouble setting up Secureway
on NT.  Our goal is to migrate an existing (working) AIX IBM eNetwork firewall
v3.2 over to NT running Secureway 4.1.  I've installed NT server, DNS services,
SP5 and the firewall config client.  I manually recreated all of the rules that
I simply documented from the AIX firewall.  I have three interfaces: World, DMZ
and Secure - all are configured with the same IP addresses as our existing AIX
firewall.  I've recreated the routing tables on NT.  On the AIX firewall, we
somehow had it configured so that we did not need an internal DNS server - DNS
is our secure interface on the firewall.  With NT's version we're going to
require an internal DNS server, an external DNS server and the firewall itself
will act as a "cache-only" DNS server.  When I bring our existing Firewall down
to test the NT firewall, this is what I get:

With rules deactivated:

I can ping our AT&T router - World
I can ping our DMZ
I can ping both network segments on our secure side
I'm not able to ping beyond AT&T router to an address that a friend has ping
enabled from outside world - I'm not sure if I'm supposed to be able to do
this???


With rules activated:

I'm able to ping both network segments on our secure network
I'm NOT able to ping AT&T router
I'm NOT able to ping DMZ

I thought maybe it was a DNS problem - we just set up a DNS server and tried
using it with this Firewall.  A friend suggested that DNS would not be the
problem if I was not able to ping addresses beyond our AT&T router that allowed
pings from outside.  He gave me an address of his to test this.  Since ping was
unsuccessful - I haven't a clue where to go from here.  Help!



