
RE: [FW1] Too Many Internal Hosts




>
>This is caused by the external interface of the firewall not being defined
>correctly.  You want to change this to reflect the external interface of the
>firewall, when this is not set the firewall counts both internal and
>external address as traversing it and records them in its host file.  Once
>it has reached the license limit, 25 in your case, it will begin to spew out
>those errors. If you run 'cpconfig' one of the menu options should be
>external interface, set it to reflect the physical name (on Nokia it's
>eth-sxpxc0, on Sun hme0/qfe0). You will then want to stop the firewall, go
>into the database directory and delete the fwd.h and fwd.hosts in order to
>reset the host count.  You shouldn't experience this error after having set
>the external interface appropriately.
>
>Juan Concepcion
>Network Engineer/Security Consultant
>CCSA/CCSE
>E-Mail: [email protected]
>
>
>-----Original Message-----
>From: [email protected]
>[mailto:[email protected]]On Behalf Of
>Agung Samadi
>Sent: Thursday, March 08, 2001 5:33 AM
>To: [email protected]; [email protected]
>Subject: Re: [FW1] Too Many Internal Hosts
>
>
>Jason,
>
>Type the following command from your Nokia console :
>#fw ctl debug -buf
>This will prevent the high CPU utilization by blocking console error message
>logging.
>You should check this vulnerability to securityfocus.
>I don't know when Checkpoint will fix this bug in the next service pack.
>Unfortunately, for Nokia users the SP3 hasn't been released yet.
>
>cheers to you :)
>
>----- Original Message -----
>From: "jason clements" <[email protected]>
>To: <[email protected]>
>Sent: Thursday, March 08, 2001 4:33 PM
>Subject: [FW1] Too Many Internal Hosts
>
>
>>
>> When running one of our nokia 330's with a 25 user license we get the "too
>> many internal hosts" error message.  I have checked out phoneboy and done as
>> suggested with fwd.hosts, etc, this gives temporary relief, I have limited
>> buffering to avoid the lengthy messages.
>>
>> Now the support company have stated that this problem is a hardware related
>> issue, but as I have seen the same problem on nokia/sun hardware I dispute
>> this.
>>
>> I think it is a definite checkpoint problem, is there a fix for this, or is
>> it just a symptom of their licensing algorithm not counting the internal
>> hosts correctly.
>>
>> I have checked external.if, this is fine, there is only one route into this
>> network, but 70% of the hosts listed are from external sources.
>>
>> Any solution to this one, apart from buying unlimited licenses,
>>
>> cheers
>>
>> jason
>>

Beg to differ.
We have a pair of HA firewalls (VRRP) and we have this problem. Now I _know_ the 
external interface is set correctly. We have had consultancy in to check this, 
in case there is something silly that we did. To no avail.

Our firewall still counts external hosts. Not all of them (we get a lot of 
traffic, and only a slow growth of hosts) but enough to shove us over our 
license limit.

At current count, we have 56 external hosts in our tables. This is after 
resetting it several weeks ago. 

We do get more than 56 connections in that interval, since we host a number of 
websites which catch some fairly heavy traffic.

--
Ed Rolison
System Administrator
Phone: 01926 455303
http://www.byzantium.com
Byzantium Solutions Ltd

<STAMP, you see the stamp of corporate conformity>


