[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Cannot install compiled rules
Thanks but Geekgirl's solution worked: I cut the names of a time objects that were longer than 12 chars. On Wed, 27 Dec 2000 17:42:54 -0500, Rob Plaenk wrote: >Solution: What are problems when trying to Installing a large >security >policy (hundreds of rules) (3.823) >1. If running a quite large filter, increase the following >parameters: >fw_maxfiltersize and fw_maxcode (defaults are 32000 for >fw_maxfiltersize and >128K for fw_maxcode): > >2. Perform the 'fwstop' command > >3. Increase 'fw_maxfiltersize' for both the kernel (Module machine) >(/etc/system) and for the user mode executable '$FWDIR/bin/fw', on >both >Management Station and Module machine. > >4.Add/Modify the line >set fw:fw_maxfiltersize=0x40000 >to /etc/system, and run the following command: >echo "fw_maxfiltersize?W40000" | adb -w $FWDIR/bin/fw > >(fw_maxfiltersize=0x40000 - is just an example you can select any >hexadecimal value) > >5. Increase 'fw_maxcode' for the user mode executable (make it four >times >fw_maxfiltersize). Issue the following command on both management >and module > >echo "fw_maxcode?W 160000" | adb -w $FWDIR/bin/fw > >6. Run fwstart on the management station and Reboot the FireWall >module > >7. Run fwstart on the management station and Reboot the FireWall >module. > >Now you might encounter the following error messages: >FW-1: fw_runfilter: stack overflow, pc=0x454 > >This message appears because of an INSPECT stack overflow. > >8.You should increase the INSPECT stack size by editing the >'$FWDIR/conf/objects.C' file (make sure the GUI is not running) and >adding >the >following line in the :props section: >:stack_size () >Where is the desired stack size in decimal (default is 1024 which >consumes 4KB of kernel memory). > >9. After that you should reload the security policy. > > > > >Problem Description >You might encounter the following problem when trying to install >large >security policy (hundreds of rules): > >Compiled OK. >Installing Security Policy xxxx on all.all@fw >scope_dump: buffer too small (32000) >Failed to Load Security Policy: No such file or directory >Instead of "No such file or directory", the message "Arg list too >long" may >also appear. >Installing Security Policy on localhost(fw) failed > > >What are problems when trying to Installing a large security policy >(hundreds of rules) > > > > > >-----Original Message----- >From: Amit Shani [mailto:[email protected]] >Sent: Wednesday, December 27, 2000 5:35 AM >To: [email protected] >Subject: [FW1] Cannot install compiled rules > > > > >Hi All >I am attempting to install the rulebase after a few minor changes. >The rulebase is verified OK and there are no errors in compiling. >However, when trying to install the policy I get: > >... Compiled OK >... >Downloading on localhost(fw-1) succeeded >"C:\WINNT\FW1\4.1\tmp\local.ft", line 444: Multiple type for table >are >illegal >Cannot get Security Policy from local >Installing Security Policy on localhost(fw-1) failed > > >I removed the changes I made and still it is the same. >I can't install > >Please help > >Config: FW-1v4.1sp0 On NT4sp5 > > > >===================================================================== >======= >==== > To unsubscribe from this mailing list, please see the >instructions at > http://www.checkpoint.com/services/mailing.html >===================================================================== >======= >==== >----- >This message was scanned by Aladdin/eSafe Protection Gateway in >coordination with Check Point Firewall-1. This protection does not >ensure >this message is virus free, however every precaution possible has >been >taken on our part. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|