RE: [FW1] 'Exceeded allowed number of internal hosts' while not true.
Seb,

> Guy,
> I suspect the problem is somehow linked to having rules applied
> eitherbound, although exactly how I'm not sure.

Can you try an 'inbound' only situation? I'll try that next time for a
while just to test.

> I've just seen your second reply about the problem arising in SP2,
> although one of my Firewalls is currently SP1 (I'm seeing the problem
> on both FW's, one SP2 and one SP1). I did upgrade it to SP2 and then
> had to back out to SP1 after the VPN became incredibly unstable,

Worth noting.

> so it may be that the downgrade to SP1 did not remove the bug
> encountered perhaps?

This makes me doubt my reseller's answer somehow. I find it strange also
that there's no mention of this on the Checkpoint site or is there?
Let's see if they come up with a valuable hotfix.

>
> Thanks for your help so far.
>
> Regards,
> Seb Mills
>
> At 14:33 24/11/2000 +0000, you wrote:
> >Hi Seb,
> >
> >Thanks for your reply, it's always good to know one's problem
> >doesn't go unnoticed.
> >I'm still in the process of finding an answer I must say, my local
> >vendor's support is lousy.
> >
> > > I've come across this and am also looking for an answer. Do you
> > > have your rules applied to the interfaces 'Eitherbound' or
> > > only 'Inbound'?
> >It's eitherbound. Is that what you have?
> >
> > > I have found that fw lichosts also produces the same result,
> > > just one entry which actually looks like a log entry. I've found
> > > this packet appears in the log at the same time the ctl entry
> > > complaining about licensing shows up. I thought lichosts was
> > > meant to simply show a list of all protected IP addresses?
> >No, it's meant to find out if you didn't surpass your licenced
> >amount of internal hosts so it counts everything that appears to be
> >inside. But in our case it makes wrong guesses as to the host IP
> >addresses. Or maybe this is done for a reason; but which one? It's a
> >shame it's not at all documented.
> >
> > > Deleting /database/fwd.h and fwd.hosts and restarting the
> > > service obviously clears the table, but still the problem
> > > reoccurs.
> >If the host: field would only contain real internal hosts it would
> >mean that we need a bigger license. But in our case, deleting this
> >from time to time is the only solution for the time being.
> >Mind you I know of one possible case where this filling up of the
> >hosts table can occur (but this is not my case now): If you have a
> >server with 2 interfaces and all incoming traffic comes in to one but
> >is meant for the other, the 1st interface will try to forward them to
> >the 2nd by putting the packets back on the internal network and this
> >causes the fw to count the source of the packet (a real external
> >client) as an internal host.
> >
> >Let's hope for a solution. I'll send it to the mailing list if I
> >have one.
> >
> >Guy Zelck
> >EDS, E.Solutions Benelux
> >Database- & Unix System Administrator
> >
> >Tel: +32 (0)2 - 711.39.43
> >Fax : +32 (0)2 - 711.39.47
> >Email: [email protected]