NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Cannot install compiled rules



Thanks but Geekgirl's solution worked:
I cut the names of a time objects that were longer than 12 chars.

On Wed, 27 Dec 2000 17:42:54 -0500, Rob Plaenk  wrote:
>Solution: What are problems when trying to Installing a large
>security
>policy (hundreds of rules) (3.823)
>1. If running a quite large filter, increase the following
>parameters:
>fw_maxfiltersize and fw_maxcode (defaults are 32000 for
>fw_maxfiltersize and
>128K for fw_maxcode):
>
>2. Perform the 'fwstop' command
>
>3. Increase 'fw_maxfiltersize' for both the kernel (Module machine)
>(/etc/system) and for the user mode executable '$FWDIR/bin/fw', on
>both
>Management Station and Module machine.
>
>4.Add/Modify the line
>set fw:fw_maxfiltersize=0x40000
>to /etc/system, and run the following command:
>echo "fw_maxfiltersize?W40000" | adb -w $FWDIR/bin/fw
>
>(fw_maxfiltersize=0x40000 - is just an example you can select any
>hexadecimal value)
>
>5. Increase 'fw_maxcode' for the user mode executable (make it four
>times
>fw_maxfiltersize). Issue the following command on both management
>and module
>
>echo "fw_maxcode?W 160000" | adb -w $FWDIR/bin/fw
>
>6. Run fwstart on the management station and Reboot the FireWall
>module
>
>7. Run fwstart on the management station and Reboot the FireWall
>module.
>
>Now you might encounter the following error messages:
>FW-1: fw_runfilter: stack overflow, pc=0x454
>
>This message appears because of an INSPECT stack overflow.
>
>8.You should increase the INSPECT stack size by editing the
>'$FWDIR/conf/objects.C' file (make sure the GUI is not running) and
>adding
>the
>following line in the :props section:
>:stack_size ()
>Where  is the desired stack size in decimal (default is 1024 which
>consumes 4KB of kernel memory).
>
>9. After that you should reload the security policy.
>
>
>
>
>Problem Description
>You might encounter the following problem when trying to install
>large
>security policy (hundreds of rules):
>
>Compiled OK.
>Installing Security Policy xxxx on all.all@fw
>scope_dump: buffer too small (32000)
>Failed to Load Security Policy: No such file or directory
>Instead of "No such file or directory", the message "Arg list too
>long" may
>also appear.
>Installing Security Policy on localhost(fw) failed
>
>
>What are problems when trying to Installing a large security policy
>(hundreds of rules)
>
>
>
>
>
>-----Original Message-----
>From: Amit Shani [mailto:[email protected]]
>Sent: Wednesday, December 27, 2000 5:35 AM
>To: [email protected]
>Subject: [FW1] Cannot install compiled rules
>
>
>
>
>Hi All
>I am attempting to install the rulebase after a few minor changes.
>The rulebase is verified OK and there are no errors in compiling.
>However, when trying to install the policy I get:
>
>... Compiled OK
>...
>Downloading on localhost(fw-1) succeeded
>"C:\WINNT\FW1\4.1\tmp\local.ft", line 444: Multiple type for table
>are
>illegal
>Cannot get Security Policy from local
>Installing Security Policy on localhost(fw-1) failed
>
>
>I removed the changes I made and still it is the same.
>I can't install
>
>Please help
>
>Config: FW-1v4.1sp0 On NT4sp5
>
>
>
>=====================================================================
>=======
>====
>   To unsubscribe from this mailing list, please see the
>instructions at
>        http://www.checkpoint.com/services/mailing.html
>=====================================================================
>=======
>====
>-----
>This message was scanned by Aladdin/eSafe Protection Gateway in
>coordination with Check Point Firewall-1.  This protection does not
>ensure
>this message is virus free, however every precaution possible has
>been
>taken on our part.





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.