[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] operation would block
Duke you are right - it is the control connection timing out. To change it add 'fwd_conn_tout (x)' to the $FWDIR/lib/setup.C on the firewall system and the managment station. x - the timout in seconds, default is 25. e.g. :fwd_conn_tout (40) -------------------------------------------------------------------------------------------- C. Paul Simons Corporate Network Security Services IHS Energy Group, Englewood, CO. Main:Direct:Fax:Mobile:"Glover, Duke" <[email protected]> To: [email protected], [email protected] Sent by: cc: [email protected] Subject: RE: [FW1] operation would block kpoint.com 23-02-01 09:41 Hi Jesus, If I recall correctly, "operation would block" is the result of a timeout being reached when trying to install your security policy. This timeout can be increased. I believe the default is 25 seconds. I forget where I once read this. Can anyone verify or come up with a document that shows what file to modify to increase this timeout ? HTH, Duke -----Original Message----- From: Robert MacDonald [mailto:[email protected]] Sent: Friday, February 23, 2001 10:59 AM To: [email protected]; [email protected] Subject: Re: [FW1] operation would block Jesus, You have two rules that are similar and the second one will never be chosen, hence 'Operation would block' Dumb example: Rule 1: any any any accept Rule 2: ws1 svr1 http drop Rule 1 will always win and rule 2 will never work (and the implied cleanup rule won't work either in most cases.) Robert - - Robert P. MacDonald Global Infrastructure Group, Haworth, Inc. Voice:email: [email protected] >>> "Jesus Calvo Hernandez" <[email protected]> 02/23/01 09:47AM >>> >hi all fw1 sufferers: > >does anyone has found this error when compiling the policy? > >Failed to Install Security Policy on fw1: Operation would block > >and better, does anyone how to solve it? ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|