[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] HTTP Security Server Woes
Hi Dan/All, Thanks for the tips. fwstop;fwstart would help, but it's an unacceptable solution to stop all traffic (I have users telneting, etc.). I already have 1,500+ users upset :) I'm trying to open a ticket with CP, but since I don't have support -- they won't help me. Even their customer advocacy won't help me without a support contract (ouch!). I'm also trying to reach some CP techs I met at the CP User's Conference this year. They told me to call them about this problem, and they would help -- they won't return my calls. Unsettling trend. I'll continue to try, though. Here's some history:----------------- When I had support, I made my 1st call 2/4/99 ticket # 6756 on this issue. Websense/CP blamed my FW version, then my SP level -- finally CP said it was an issue known to FW1 upgrading (3.0b to 4.0) and that a rebuild from scratch would fix this problem. I have done all the above -- same problem remains. As you pointed out -- CP libraries are to blame. If CP is not interested in fixing the problem (it has been 2 years), and it's out of Websense's control, I am running out of options. I have no choice but to find an alternative filter solution if things remain the way they are -- and it would appear they will. My inablility to apply new policies during working hours because of this issue is unacceptable. Thanks -- Chris --- "Hubbard, Dan" <[email protected]> wrote: > We have seen an fwstop and fwstart fixing the issue. > It appears that the UFP > server reconnects on a start. If you can reboot you > should be able to > stop/start remotely...Unless you are somehow hard > rebooting the system > (which is very ugly at best). > > Anyways, I would open a trouble ticket with > Checkpoint and let them know the > issue. > > Make sure that you tell them you are using FW1 4.1 > SP3 as it runs the "new > UFP code". > > Let me know how it goes... > > -----Original Message----- > From: Chris F [mailto:[email protected]] > Sent: Wednesday, February 14, 2001 11:06 AM > To: Hubbard, Dan; Firewall One List > Subject: RE: [FW1] HTTP Security Server Woes > > > Hi Dan, > > No -- I am not doing any caching. > > The firewall is in another building, so I can't > fwstop/fwstart remotely (After the fwstop, I'd lose > my > connection <grin>) > > My guess is that fwstop/fwstart would work -- since > the > kill -1 <pid_of_httpd> > basically resets the daemon in the same way. > > A reboot certainly gets things working again. > > If I did try fwstop/fwstart -- what would the > outcome > indicate? > > Thanks -- Chris > > > --- "Hubbard, Dan" <[email protected]> wrote: > > Chris; > > > > Are you using UFP-Caching at all ? If so which > type > > ? Also, what happens if > > you fwstop and fwstart instead of re-booting ? > > > > We have seen this before when a policy is > > re-installed and there is a heavy > > load on the Firewall the UFP server will not > > re-establish TCP sessions with > > the UFP server. However, a fwstop / fwstart should > > re-stablish the > > communications. > > > > > > > > > > > > -----Original Message----- > > From: Chris F [mailto:[email protected]] > > Sent: Tuesday, February 13, 2001 6:28 PM > > To: Firewall One List > > Subject: [FW1] HTTP Security Server Woes > > > > > > > > Hi FW1 List, > > > > I have Solaris 2.6; FW1 v4.1 SP3 > > > > I use Websense, therefore, FW1's HTTP Security > > Server. > > > > Whenever I re-install a policy, WWW browsers > cannot > > browse. They get that blank page/error from the > > firewall that says: > > FW-1 at firewall: Access Denied > > > > The ahttpd.elg log file logs the following error: > > No default track in properties > > > > The only solution is to reboot. Sometimes, I can: > > kill -1 <pid-of-http-security-server> > > and everything will start working again. > > > > This is *not* a Websense issue, but something with > > FW1. > > > > A few weeks ago, I did the last thing I could > think > > of: completely rebuilt my firewall (OS and FW1 > fresh > > installs -- then fwmerged my objects.C file) > > > > Anyone have any suggestions for a fix? Help! > > > > Thanks -- Chris > > [email protected] > > > > PS - I didn't try the "dangle headless chicken > over > > firewall" trick. Would that help? > > > > > > __________________________________________________ > > Do You Yahoo!? > > Get personalized email addresses from Yahoo! Mail > - > > only $35 > > a year! http://personal.mail.yahoo.com/ > > > > > > > ============================================================================ > > ==== > > To unsubscribe from this mailing list, please > > see the instructions at > > > > http://www.checkpoint.com/services/mailing.html > > > ============================================================================ > > ==== > > > > > __________________________________________________ > Do You Yahoo!? > Get personalized email addresses from Yahoo! Mail - > only $35 > a year! http://personal.mail.yahoo.com/ > __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|