Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Too Many Internal Hosts

To: "'Joerg Weber'" <[email protected]>, [email protected]
Subject: RE: [FW1] Too Many Internal Hosts
From: Steven Schuster <[email protected]>
Date: Fri, 9 Mar 2001 08:48:07 -0500
Sender: [email protected]

If you are using things such as the SMTP security server (CVP anti-virus for
example) the connections established on those rules show up in your log (and
presumably by the FW) from "daemon" and not from a specific interface.  I
have watched my log carefully and noticed that the IP addresses that show up
coming from "daemon" also show up when I do an "fw lichosts".  I have not
taken the opportunity to continue studying this, but it does seem possible
that this could be a source of some of extra addresses being counted against
the license.

Any thoughts?????

Steve Schuster, CCSE, CCNA
Midwest ISO
Security Analyst



-----Original Message-----
From: Joerg Weber [mailto:[email protected]]
Sent: Friday, March 09, 2001 8:05 AM
To: [email protected]
Subject: AW: [FW1] Too Many Internal Hosts



Same story here. I've seen bizarre entries in my hostfile where hosts are
listed which are def. not from my internal network. And everything is
configured right, I've even had a ticket open with my reseller. I guess it's
another FW-1 quirk.

Cheers,
	Joerg



------------------------------------------------------------
Joerg Weber, Systemadministration
JET Online GmbH
Altenkesseler Straße 17 / Geb. B5
66115 Saarbruecken
mailto:[email protected]
http://www.jet-online.de
------------------------------------------------------------


Beg to differ.
We have a pair of HA firewalls (VRRP) and we have this problem. Now I _know_
the 
external interface is set correctly. We have had consultancy in to check
this, 
in case there is something silly that we did. To no avail.

Our firewall still counts external hosts. Not all of them (we get a lot of 
traffic, and only a slow growth of hosts) but enough to shove us over our 
license limit.

At current count, we have 56 external hosts in our tables. This is after 
resetting it several weeks ago. 

We do get more that 56 connections in that interval, since we host a number
of 
websites which catch some fairly heavy traffic.

--
Ed Rolison
System Administrator
Phone: 01926 455303
http://www.byzantium.com
Byzantium Solutions Ltd


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Re-Install???
Next by Date: Re: [FW1] How to block ICQ
Previous by thread: RE: [FW1] Too Many Internal Hosts
Next by thread: [FW1] Webtrends & Stonebeat
Index(es):
- Date
- Thread