[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] operation would block
Hi Thanks a lot this seems to be the answer; I´ve done what you both have told and it goes smooth again (until next weird failure :) ) Thanks to all of you for your help Best regards Jesus Calvo ----- Original Message ----- From: <[email protected]> To: "Glover, Duke" <[email protected]>; <[email protected]> Cc: <[email protected]> Sent: Friday, February 23, 2001 8:56 PM Subject: RE: [FW1] operation would block > > Duke you are right - it is the control connection timing out. > To change it add 'fwd_conn_tout (x)' to the $FWDIR/lib/setup.C on the > firewall system and the managment station. > x - the timout in seconds, default is 25. > > e.g. > :fwd_conn_tout (40) > > -------------------------------------------------------------------------- ------------------ > > C. Paul Simons > Corporate Network Security Services > IHS Energy Group, Englewood, CO. > > Main:> Direct:> Fax:> Mobile:> > > > "Glover, Duke" > <[email protected]> To: [email protected], [email protected] > Sent by: cc: > [email protected] Subject: RE: [FW1] operation would block > kpoint.com > > > 23-02-01 09:41 > > > > > > > Hi Jesus, > > If I recall correctly, "operation would block" is the result of a timeout > being reached when trying to install your security policy. This timeout > can > be increased. I believe the default is 25 seconds. I forget where I once > read this. Can anyone verify or come up with a document that shows what > file to modify to increase this timeout ? > > HTH, > > Duke > > -----Original Message----- > From: Robert MacDonald [mailto:[email protected]] > Sent: Friday, February 23, 2001 10:59 AM > To: [email protected]; [email protected] > Subject: Re: [FW1] operation would block > > > > Jesus, > > You have two rules that are similar and the second one > will never be chosen, hence 'Operation would block' > > Dumb example: > > Rule 1: any any any accept > Rule 2: ws1 svr1 http drop > > Rule 1 will always win and rule 2 will never work (and > the implied cleanup rule won't work either in most cases.) > > Robert > > - - > Robert P. MacDonald > Global Infrastructure Group, Haworth, Inc. > Voice:> email: [email protected] > > >>> "Jesus Calvo Hernandez" <[email protected]> 02/23/01 09:47AM >>> > >hi all fw1 sufferers: > > > >does anyone has found this error when compiling the policy? > > > >Failed to Install Security Policy on fw1: Operation would block > > > >and better, does anyone how to solve it? > > > > > ============================================================================ > > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > > ==== > > > ============================================================================ ==== > > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > > > > > ------------------------------------------------------------------ This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of Sema Group. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. ------------------------------------------------------------------ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|