Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] How to set external.if

To: "Langa Kentane" <[email protected]>, <[email protected]>
Subject: Re: [FW1] How to set external.if
From: "Larry Pingree" <[email protected]>
Date: Fri, 23 Feb 2001 10:13:44 -0800
Cc: "Firewall-1 Mailing List (E-mail)" <[email protected]>
Organization: SiegeWorks
References: <A69BC9CA4B39D411BF2200105A45B45B0B14EC8B@dhexchange.discoveryhealth.co.za>
Sender: [email protected]

I'd say that the most common problem with the "too many hosts allowed" by
customer is the lack of understanding how check point licenses.

You must keep in mind that whenever licensing Check Point for less than
unlimited, you have to tell Check Point which interface is your external
interface. This designation of the interface is telling check point, "Do not
Snoop for source addresses to include as part of my license on this
interface." But snoop every other interface for source addresses to place in
my licensed hosts file.

Also, I've found that people with licensing problems are often doing things
such as running their internal and external networks over the same switch or
hub which causes Check Point to license the internet :)

Keep in mind that Check Point licenses ip addresses not users.


-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
Larry Pingree
Sr. Security Consultant
Email: [email protected]

SiegeWorks
Company WebSite: http://www.siegeworks.com/
Security Installation, Training and Consulting
-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
----- Original Message -----
From: Langa Kentane <[email protected]>
To: <[email protected]>
Cc: Firewall-1 Mailing List (E-mail)
<[email protected]>
Sent: Wednesday, February 21, 2001 11:32 PM
Subject: RE: [FW1] How to set external.if


>
> Sorry, I forgot to mension that you have to delete the files fwd.h and
> fwd.hosts in your $FWDIR/database
>
> Ciao
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: 22 February 2001 07:40
> To: [email protected]
> Subject: [FW1] How to set external.if
>
>
>
>      Now I put interface name "hme0" in the external.if file. But in
> firewall
> console, It showed message too many host. And I looked at list of hosts
> in "/var/adm/messages",almost are come from interface hme0. Why firewall
> counted ip from that interface? How to solve this problem?
>      Regards,
>      Chat Thongsong
>
>
>
>
============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- RE: [FW1] How to set external.if
  - From: Langa Kentane <[email protected]>

Prev by Date: Re: [FW1] Remote access of Management Module
Next by Date: Re: [FW1] What's the difference between Implied pseudo rules and rule 0?
Previous by thread: RE: [FW1] How to set external.if
Next by thread: [FW1] too many hosts and How to set external.if - Solution?
Index(es):
- Date
- Thread