I don't have much to offer other than some ideas.
What's between the system sending the pings and the firewall? Can you get statistics from any switches or routers and see if there are problems there? Failing that, have you watched the incoming port on the firewall with tcpdump to see if the packets reported as lost by ping ever even made it to the firewall? Does the firewall never see them or does it drop/not reply to them?
What if you send traffic from the firewall or behind it out to the other subnet?
Have you tried going to the firewall's incoming port from the same subnet (same switch even), eliminating most of the networking infrastructure between the two points?
Just some ideas to try narrowing things down.
Tim.
|