
FW: [FW1] Assistance Needed: Three Problems with Nokia/Checkpoint





-----Original Message-----
From: [email protected] [mailto:[email protected]] 
Sent: 16 October 2000 18:59
To: [email protected]
Subject: RE: [FW1] Assistance Needed: Three Problems with
Nokia/Checkpoint


You'll find a good description at www.phoneboy.com for error nr. 1
You'll find a hotfix at Nokia for error nr. 3 if you search their knowledge
base for ' internal ' 

 -----Original Message-----
From: 	[email protected] [mailto:[email protected]]
Sent:	16 October 2000 19:41
To:	[email protected]; [email protected]
Subject:	RE: [FW1] Assistance Needed: Three Problems with
Nokia/Checkpoint



Gordius of Phrygia,

2) I'd check the interface setups for the firewall and switch.  I have had
loads of problems with "auto-negotiation" of speed and duplex coming up with
different settings.  Lock them down to 100Mbs/Full-Duplex if supported.

3) Which interface did you licence?  I have seen the "error" message saying
"Only 25 Hosts Allowed" is just info to let you know the size of your
licence.  But if you have licensed the internal interface, I reckon it will
count the external IPs as being protected.

-----Original Message-----
From: Gordius of Phrygia [mailto:[email protected]]
Sent: 16 October 2000 15:50
To: [email protected]
Subject: [FW1] Assistance Needed: Three Problems with Nokia/Checkpoint



Hi all,

We have just installed a Nokia/Checkpoint firewall internally for testing
prior to real deployment, but we're having three fairly major problems:

1) A *HUGE* number of "unknown established TCP packet" errors logged
(packets dropped with reason Rule 0).  The TCP connections this happens to
include HTTP connections ("internal" net to "DMZ" net and DMZ to
"external"), as well as telnet and SSH connections.  There is ABSOLUTELY,
POSITIVELY no possibility that these are bad (bad as in "evil
cracker-originated") packets attacking this system.

2) Connections hanging and dropping.  Again, this happens to telnet, SSH,
and HTTP connections; they just stop responding, hanging for a few seconds,
and then either resume, or simply hang forever.  I've started to call this
the "narcoleptic router problem"....

3) Alerts of "too many hosts on internal net": we have a license for 25
hosts, and the external.if file correctly points to the "external"
interface, and FW-1 correctly reports the external interface as it starts at
boot time.  I have removed fwd.h and fwd.hosts from the database directory,
but this didn't help; it dropped the number of hosts back down to zero, but
the "external" hosts reported once again began its relentless march upwards.

  When I get the "external" host addresses from /var/log/messages, I see
that the IP's reported are all reached over the external.if interface: thus,
I can't see why FW-1 thinks that these hosts are internal to begin with.
Curiously, the IP lists in the "too many hosts" log messages always end with
exactly ONE internal IP, and always a different internal IP.....

Any help would be *GREATLY* appreciated; this install is getting really
behind schedule.....

Our FW-1 version is version 4.1 strong, SP2, IPSO 3.2, running on a Nokia
IP330.  A curious thing I just noticed: at boot, we always get TWO messages
in the log of "Only 25 hosts allowed" at the startup of FW-1; these messages
are always back-to-back, and happen right at boot.

Thanks in advance!
-frank



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================





 
   All contents © 2004 Network Presence, LLC. All rights reserved.