
RE: [FW1] incorrect reply from server (seq or subject mismatch)




This is an interesting one I've been wrestling with for some time. The
management server doesn't store the rulebases separately (well it does
actually, as .W files, but the firewall software processes these into a
combined .fws file). When the .fws file becomes too large, some kind of hard
coded limit within the GUI software appears to kick in and you get timeouts
and the error you mentioned. Sometimes policy pushes from the GUI will fail
as a result.

What I've worked out (and to be fair, phoneboy's had a resolution for this
for ages) is that if I keep about the last three policy saves for each
firewall, I have enough copies to be able to back out the last few changes,
and the problem appears to go away. Having said that, these days I have a
lot more firewalls, and the problem came back (especially when doing policy
pushes remotely over a modem link). The workaround I use is this: when
pushing a policy and you get a timeout, watch the modem lights - don't OK
the message till the activity has stopped. I believe this gives the GUI
enough time to finish saving the rules/objects etc. When you're happy the
activity has stopped, OK the error dialog and it'll work fine.

Until Checkpoint get their finger out and fix this it'll continue to blight
an otherwise superb product. What I can't understand is the fact that this
problem has been in the GUI software for over a year now. *grumble*

Scott.

-============================-
 Scott McMeekin (x25086)
   Senior Technical Analyst
         IT Telecoms
  The Royal Bank of Scotland
  Phone: +44(0)Email: [email protected]
-============================-

> -----Original Message-----
> From:	Jesus Calvo Hernandez [SMTP:[email protected]]
> Sent:	Monday, October 16, 2000 7:00 PM
> To:	[email protected]
> Subject:	[FW1] incorrect reply from server (seq or subject mismatch)
> 
> Hi all
> 
> From some time ago I've been seeing this message at compiling/installing
> a policy on my firewall module. It happened when I had only one machine for
> management and firewall, so I thought it was a load problem. Some time
> after I upgraded my firewall system (now I've got two machines: one
> manager and one firewall module) and then it began working fine again for
> some time. 
> 
> Now that the number of rules has grown I'm watching this blooded message
> again. I think that it can be a problem of load in the firewall module,
> which is very busy when I try to push the policy from the management
> console and it does not accept more load.
> 
> Has anyone ever encountered this problem?
> 
> If so, has anyone ever resolved it? How can the machine be hardened if it
> is a load problem?
> 
> Regards and thanks in advance
> 

