
RE: [FW1] Too many host detected



Hi,

> 
>    Has anybody out there encountered this problem? I have a FW 4.1 (running
> on Solaris 2.6) and I have 50 licences. I have 30 PCs with 1 NIC card each.
> 
>    Recently I can't log in to FW via console. The following error appears:
You mean log in remotely? If you can't log in from the console attached to the
server, that's severe.

> 
> Nov  7 10:21:59 wt-iadvantagefw unix: FW-1: too many internal hosts (103) detected
> Nov  7 10:21:59 wt-iadvantagefw unix:  (202.85.99.140
> Nov  7 10:21:59 wt-iadvantagefw unix: , 202.85.183.128
> Nov  7 10:21:59 wt-iadvantagefw unix: , 169.254.234.4
> Nov  7 10:21:59 wt-iadvantagefw unix: , 169.254.126.45
> Nov  7 10:21:59 wt-iadvantagefw unix: , 202.85.161.25
> Nov  7 10:21:59 wt-iadvantagefw unix: , 202.85.161.9
> Nov  7 10:21:59 wt-iadvantagefw unix: , 202.85.163.5
> Nov  7 10:21:59 wt-iadvantagefw unix: , 202.85.161.3
> Nov  7 10:21:59 wt-iadvantagefw unix: , 202.85.161.2
> Nov  7 10:21:59 wt-iadvantagefw unix: , 202.85.161.1
> Nov  7 10:21:59 wt-iadvantagefw unix: , 169.254.34.241
> Nov  7 10:21:59 wt-iadvantagefw unix: , 169.254.248.249
> Nov  7 10:21:59 wt-iadvantagefw unix: , 202.85.183.36
> Nov  7 10:21:59 wt-iadvantagefw unix: , 208.189.101.160
> Nov  7 10:21:59 wt-iadvantagefw unix: , 202.85.161.81
> Nov  7 10:21:59 wt-iadvantagefw unix: , 209.178.166.180
> Nov  7 10:21:59 wt-iadvantagefw unix: , 202.85.161.70
> Nov  7 10:21:59 wt-iadvantagefw unix: , 208.163.139.149
> Nov  7 10:21:59 wt-iadvantagefw unix: , 192.168.128.104
> Nov  7 10:21:59 wt-iadvantagefw unix: , 192.168.128.105
> Nov  7 10:21:59 wt-iadvantagefw unix: , 192.168.128.106
> Nov  7 10:21:59 wt-iadvantagefw unix: , 192.168.128.107
> Nov  7 10:21:59 wt-iadvantagefw unix: , 192.168.128.109
> Nov  7 10:21:59 wt-iadvantagefw unix: , 192.168.128.110
> Nov  7 10:21:59 wt-iadvantagefw unix: , 192.168.128.111
> Nov  7 10:21:59 wt-iadvantagefw unix: , 192.168.168.98
> Nov  7 10:21:59 wt-iadvantagefw unix: , 192.168.128.101
> Nov  7 10:21:59 wt-iadvantagefw unix: , 192.168.128.102
> 
> Please help. I am not sure why some external IPs appear.

The firewall sees all these hosts as being internal. If you see some
external hosts among the addresses, it could be something that I once had.
Check whether any of your PCs has several interfaces, or has different
addresses defined on the same interface, and has IP forwarding on.
Then, when a packet reaches your PC's interface with a destination address
different from the default one, the packet will be sent back onto the
network, where it is spotted by fw1, and since the packet's source address is
the address of the real external client, the fw thinks there's a new host on
the internal network and increments its host count.

For one, disable IP forwarding on the destination PCs.
Then clean the hosts tables by stopping the fw (fwstop), deleting
database/fwd.h & database/fwd.hosts and restarting the fw (fwstart).
Now check with 'fw lichosts' to see if any new hosts are added after you
have hopefully solved the problem on your destination PCs.

Hope this helps,

Guy Zelck 
EDS, E.Solutions Benelux 
Database- & Unix System Administrator 

Tel: +32 (0)2 - 711.39.43 
Fax : +32 (0)2 - 711.39.47  
Email: [email protected] 
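
A triage helper for the log excerpt discussed above, as an added example that is not part of the original message: it pulls the addresses out of the "too many internal hosts" lines and sorts them against the subnets you expect behind the firewall, so reflected external sources and self-assigned 169.254.x.x hosts stand out. The log sample, the `fwhost` name and the `internal_nets` value are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in the shape of the FW-1 syslog message quoted above.
# Host name and addresses are made up (private and documentation ranges).
SAMPLE_LOG = """\
Nov  7 10:21:59 fwhost unix: FW-1: too many internal hosts (5) detected
Nov  7 10:21:59 fwhost unix:  (192.168.128.104
Nov  7 10:21:59 fwhost unix: , 169.254.34.241
Nov  7 10:21:59 fwhost unix: , 203.0.113.25
Nov  7 10:21:59 fwhost unix: , 198.51.100.7
Nov  7 10:21:59 fwhost unix: , 192.168.168.98
"""

DOTTED_QUAD = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # self-assigned, no DHCP lease

def extract_hosts(log_text):
    """Return the unique IPv4 addresses from the message lines, in log order."""
    hosts = []
    for line in log_text.splitlines():
        # Only look after the syslog tag so the timestamp is never parsed.
        _, sep, payload = line.partition("unix:")
        if not sep:
            continue
        for text in DOTTED_QUAD.findall(payload):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # e.g. an octet above 255
                continue
            if addr not in hosts:
                hosts.append(addr)
    return hosts

def classify(hosts, internal_nets):
    """Split counted hosts into expected, link-local and unexpected groups."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    result = {"expected": [], "link_local": [], "unexpected": []}
    for addr in hosts:
        group = ("expected" if any(addr in n for n in nets)
                 else "link_local" if addr in LINK_LOCAL else "unexpected")
        result[group].append(str(addr))
    return result

if __name__ == "__main__":
    # internal_nets is an assumption: list the subnets really behind the firewall.
    for group, addrs in classify(extract_hosts(SAMPLE_LOG), ["192.168.128.0/24"]).items():
        print(f"{group:11} {len(addrs):3}  {', '.join(addrs)}")
```

Addresses in the `unexpected` group are the ones to trace back to a forwarding host on the internal segment before clearing the host tables.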

               


