RE: [FW1] Strange behaviour on our IP330
We are running the management station and the firewall module on the same machine. That's why we are pulling the policy from localhost.

About the http resource thingie. We have a UFP server running [Websense].

Thanks
Yes. The state directory is basically your rulebase stored locally plus some other transient information. If you delete the files in the state directory and fetch a new policy you will see a new set of files in the state directory.

If you are on a distributed rollout of FW (i.e. have the management station on another box) then you might also want to do the same thing on the management station. However, if you delete the state files from the management server you will need to recompile the policies for all your FWs. Not a big deal but you just need to realize that.

Further inspection of your email shows that you are getting your policy from the localhost. IOW, it's not pulling the policy from your management station. Is that normal?

Are you using any HTTP resource filters to do proxying on the firewall? If so does it do any sort of filtering?

Do I just delete everything on that directory?

Did you try to clear the state directory?

> -----Original Message-----
> From: Langa Kentane [mailto:[email protected]]
> Sent: Thursday, January 04, 2001 8:37 AM
> To: Firewall-1 Mailing List (E-mail)
> Subject: [FW1] Strange behaviour on our IP330
>
> I am experiencing a strange problem with my Nokia IP 330.
>
> First of all, I noticed that the thing core dumped this morning. I noticed
> this when I was trying to bounce the firewall due to a problem where users
> could not access the internet. I then rebooted the firewall.
>
> What happened next is that users still could not access the internet. I
> then put a rule above the auth rules to give my box full access. Voila, no
> problems. Then I disabled the rule and removed the proxy settings from
> internet explorer. Voila, no problems.
>
> The problem that IE returns when you try to access the internet is a DNS
> problem. I tested DNS, works fine.
>
> While trying to do a policy install, I got the following message:
>
> Trying to fetch Security Policy from localhost:
>
> Installing Security Policy Health on all.all@firewall
> Jan 4 15:06:28 firewall last message repeated 3 times
> Jan 4 15:07:09 firewall [LOG_CRIT] kernel: fw_lock: static_s is 80000000
> Jan 4 15:07:09 firewall [LOG_CRIT] kernel: fw_lock: already locked. current = fw_filter (out), previous = fwk_atomic_filter(2), level=2
> Jan 4 15:07:09 firewall [LOG_CRIT] kernel: FW-1: panic(1): fw_lock
> Jan 4 15:07:09 firewall [LOG_CRIT] kernel: fw_unlock: lock_level=-1 last locker=fwchain_deliver_cookie
> Jan 4 15:07:09 firewall [LOG_CRIT] kernel: FW-1: panic(1): fw_unlock
> Jan 4 15:07:10 firewall [LOG_CRIT] kernel: fw_unlock: static_s is -1
> Jan 4 15:07:10 firewall last message repeated 5 times
> Jan 4 15:07:10 firewall [LOG_CRIT] kernel: fw_lock: already locked. current = fw_filter (in), previous = fwk_atomic_filter(2), level=2
> Jan 4 15:07:10 firewall [LOG_CRIT] kernel: FW-1: panic(1): fw_lock
> Jan 4 15:07:10 firewall [LOG_CRIT] kernel: fw_unlock: lock_level=-1 last locker=fwchain_deliver_cookie
> Jan 4 15:07:10 firewall [LOG_CRIT] kernel: FW-1: panic(1): fw_unlock
> Jan 4 15:07:10 firewall [LOG_CRIT] kernel: fw_unlock: static_s is -1
> Fetching Security Policy from localhost succeeded
> firewall[admin]# Jan 4 15:07:10 firewall last message repeated 6 times
>
> Any ideas?
> __________________________________________________________
> Langa Kentane | TEL:
> Security Administrator | Cell: 082 606 1515
> DISCOVERY HEALTH | http://www.discoveryhealth.co.za
> __________________________________________________________________

***********************************************************************
Gruntal & Co., L.L.C.'s e-mail system is for business purposes only. Messages are not confidential. All e-mail may be reviewed by authorized supervisors, compliance or internal audit personnel. E-mail will be archived for at least three years and may be produced to regulatory agencies or others with a legal right to access such information. Gruntal will not accept trade order instructions via e-mail. Please telephone your Account Executive to place trade orders.

Gruntal & Co., L.L.C.
***********************************************************************