NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Firewall-1 License Violation



Hi there, I am looking for help on a strange problem we are having with our
FireWall-1 implementation.  First, we are running two FW-1 4.1 SP2 (Firewall
Only Modules) on two Sun E250's with Solaris 2.6.  Our E250's are also
running Stonebeat FullCluster 2.0 in a load balancing configuration.   We
are using FireWall-1's automatic destination address translation to allow
connectivity to an internal server from the Internet and correspondingly
configured the same NAT in our Stonebeat configuration.  Now for our
problem; from time to time we are receiving a 'License Violation' warning
from FireWall-1 (we have a 50 node license).  When we run 'fw lichosts' we
see entries listing Internet source IP's as internal hosts - we cannot
comprehend how this can be so?  We referred to our FW-1 manual and verified
that we have no cabling issues (no alternate paths from the outside world to
our internal network or vice-versa!) and checked our FW-1 logs to verify if
Internet sources are arriving on our external interface.  Also, we verified
that we have the correct device name specified in 
$FWDIR\conf\external.if.  What further compounds the problem is that it
seems that only on occasion will Internet sources be seen as internal hosts
- why?  Could this have anything to do with our NATing?

I was wondering if anyone in the FireWall-1 community has experienced this
or something similar to it before - your help would be much appreciated!
Thank-you.


Regards,
Sergio Di Geronimo
Network Analyst 
Siemens Business Services
[email protected]



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.