NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Strange behaviour on our IP330



Title: RE: [FW1] Strange behaviour on our IP330
We are running the management station and the firewall module on the same machine.  That's why we are pulling the policy from localhost
 
About the http resource thingie.  We have a UFP server running [Websense].
 
Thanks
-----Original Message-----
From: Gibson, Brian [mailto:[email protected]]
Sent: 05 January 2001 16:21
To: 'Langa Kentane'
Subject: RE: [FW1] Strange behaviour on our IP330

Yes.  The state directory is basically your rulebase stored locally plus some other transient information.  If you delete the files in the state directory and fetch a new policy you will see a new set of files in the state directory.
 
You have are on a distributed rollout of FW(ie have the managment station on another box) then you might also want to do the same thing on the managements station.  However, if you delete the state files from the management server you will need to recompile the policies for all your FWs.  Not a big deal but you just need to realize that.
 
Further inspection of your email shows that you are getting your policy from the localhost.  IOW, it's not pulling the policy from your management station.  Is that normal?
 
Are you using any HTTP resource filters to do proxying on the firewall?  If so does it do any sort of filtering?
-----Original Message-----
From: Langa Kentane [mailto:[email protected]]
Sent: Friday, January 05, 2001 2:56 AM
To: 'Gibson, Brian'
Subject: RE: [FW1] Strange behaviour on our IP330

Do I just delete everything on that directory?
-----Original Message-----
From: Gibson, Brian [mailto:[email protected]]
Sent: 05 January 2001 04:26
To: 'Langa Kentane'; Firewall-1 Mailing List (E-mail)
Subject: RE: [FW1] Strange behaviour on our IP330

Did you try to clear the state directory?

> -----Original Message-----
> From: Langa Kentane [mailto:[email protected]]
> Sent: Thursday, January 04, 2001 8:37 AM
> To: Firewall-1 Mailing List (E-mail)
> Subject: [FW1] Strange behaviour on our IP330
>
>
>
> I am experiencing a strange problem with my Nokia IP 330.
>
> First of all, I noticed that the thing core dumped this
> morning.  I noticed
> this when I was trying to bounce the firewall due to a
> problem where users
> could not access the internet. I then rebooted the firewall.
>
> What happened next is that users still could not access the
> internet.  I
> then put a rule above the auth rules to give my box full
> access.  Voila, no
> problems.  Them I disabled the rule and removed the proxy
> settings from
> internet explorer.  Vioala, no problems.
>
> The problem that IE returns when you try to access the
> internet is a DNS
> problem.  I tested DNS, works fine.
>
> While trying to do a policy install, I got the following message:
>
> Trying to fetch Security Policy from localhost:
>
> Installing Security Policy Health on all.all@firewall
> Jan  4 15:06:28 firewall last message repeated 3 times
> Jan  4 15:07:09 firewall [LOG_CRIT] kernel: fw_lock: static_s
> is 80000000
> Jan  4 15:07:09 firewall [LOG_CRIT] kernel: fw_lock: already
> locked. current
> = fw_filter (out), previous = fwk_atomic_filter(2), level=2
> Jan  4 15:07:09 firewall [LOG_CRIT] kernel: FW-1: panic(1): fw_lock
> Jan  4 15:07:09 firewall [LOG_CRIT] kernel: fw_unlock:
> lock_level=-1 last
> locker=fwchain_deliver_cookie
> Jan  4 15:07:09 firewall [LOG_CRIT] kernel: FW-1: panic(1): fw_unlock
> Jan  4 15:07:10 firewall [LOG_CRIT] kernel: fw_unlock: static_s is -1
> Jan  4 15:07:10 firewall last message repeated 5 times
> Jan  4 15:07:10 firewall [LOG_CRIT] kernel: fw_lock: already
> locked. current
> = fw_filter (in), previous = fwk_atomic_filter(2), level=2
> Jan  4 15:07:10 firewall [LOG_CRIT] kernel: FW-1: panic(1): fw_lock
> Jan  4 15:07:10 firewall [LOG_CRIT] kernel: fw_unlock:
> lock_level=-1 last
> locker=fwchain_deliver_cookie
> Jan  4 15:07:10 firewall [LOG_CRIT] kernel: FW-1: panic(1): fw_unlock
> Jan  4 15:07:10 firewall [LOG_CRIT] kernel: fw_unlock: static_s is -1
> Fetching Security Policy from localhost succeeded
> firewall[admin]# Jan  4 15:07:10 firewall last message
> repeated 6 times
>
> Any ideas?
> __________________________________________________________
> Langa Kentane         | TEL:
> Security Administrator        | Cell: 082 606 1515
> DISCOVERY HEALTH              | http://www.discoveryhealth.co.za
> __________________________________________________________________
>
>
>
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>



***********************************************************************
Gruntal & Co., L.L.C.'s e-mail system is for business purposes only.
Messages are not confidential. All e-mail may be reviewed by
authorized supervisors, compliance or internal audit personnel.
E-mail will be archived for at least three years and may be produced
to regulatory agencies or others with a legal right to access such
information. Gruntal will not accept trade order instructions via
e-mail. Please telephone your Account Executive to place trade orders.

Gruntal & Co., L.L.C.
***********************************************************************


***********************************************************************
Gruntal & Co., L.L.C.'s e-mail system is for business purposes only.
Messages are not confidential. All e-mail may be reviewed by
authorized supervisors, compliance or internal audit personnel.
E-mail will be archived for at least three years and may be produced
to regulatory agencies or others with a legal right to access such
information. Gruntal will not accept trade order instructions via
e-mail. Please telephone your Account Executive to place trade orders.

Gruntal & Co., L.L.C.
***********************************************************************


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.