[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Re: WARNING: cannot get address of host
Thanks to all that responded, I eventually figured out what the problem was. If you have a client/server config (EMC + fw modules), ensure that if you have specific policies for specific fw modules, that your rulebase specifies the fw module in the "install on" field and not "Gateways". (all targets) In my case, I was trying to push a firewall policy to a remote module - whilst my rulebase had the firewall object in the "Install On" field, the NAT rulebase specified "Gateways". rgds -karim i. Internet: [email protected] Greetings I am seeing this error today all out of nowhere when I try to push the policy from my EMC onto one of my fw modules: "/usr/lpp/FireWall-1/conf/myfirewall.pf", line 2437, WARNING: cannot get address of host <fw module> 2437: WARNING: will not create a value table for <target_list75> Compiled OK. This doesn't happen when I load another policy and push onto another fw module. Any ideas? I looked into the myfirewall.pf file on line 2437 and noticed that the line "target_list" had 5 of my remote fw module names in it, although I was only pushing the policy onto one of these firewalls. I deleted the *.pf file, recreated a new one with "fw gen" - no luck. In frustration, I deleted the *.pf file and rulebases.fws, and did a "fwm -g". Everything got recreated, but when I pushed the policy, I got the same error message. Why is trying to get the address of a host for which I am not even installing the rulebase on? Why does the target_list line have *all* my firewalls in it? Shouldn't it just contain the target of the fw module the policy will be pushed on? Environment: CP 4.0/SP 8 EMC/FW module environment Any assistance would be appreciated. Thanks. Rgds - -karim Internet: [email protected] Karim Ismail Advisory IT Specialist e-business Hosting Center Delivery Security - Common Infrastructure Tel:. Email: [email protected] ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|