
RE: [FW1] Too Many Internal Hosts Detected




>I am getting the dreaded "too many internal hosts detected" the external.if
>file contains the name of the correct interface N1003, I have checked the
>table using "fw lichosts" and the majority of the addresses are foreign
>apart from the destination IPs of most of the foreign addresses being my
>internal subnets broadcast address.  Also I have bounced and removed fwd.h
>and fwd.hosts this stops the messages for a day or so then they return.

Some things to note:

The format of the 'fw lichosts' output is kinda funny... this is because
you will notice it is reporting the "host:x.x.x.x" IP Address
BACKWARDS...... 

So in the example entry below:

"El90 24/4/2001 21:56> host:90.12.254.169 src:169.254.12.90
dst:169.254.255.255 proto:udp sport:nbdatagram dport:nbdatagram"

El90  is the Interface name.  DOUBLE and TRIPLE check to make sure you have
defined the interface names properly in the Firewall object, and also in the
external.if file.  

Sometimes people mistake "1" (one) and "l" (the lower case of letter L), and
"0" (zero) and "O" (the letter O).  

The best way to go around this is to do a Get in the Interfaces tab - if you
can't do a get, just copy and paste the interface name directly from the
"ipconfig" output.

Notice that host is "host:90.12.254.169"  ...it is actually the reverse of
"src:169.254.12.90"

You may say you don't know what the heck the "host:90.12.254.169" address
is, but if you read it backwards it may make sense to you... hehe.

Also note that all Microsoft IP stacks will assign the "169.254.x.x" address
if the system is set up to use DHCP and it is unable to receive an IP address
from a DHCP server.  

In the long run, this address can change, and the firewall continues keeping
track of these addresses, they pile up, and you end up getting "too many
internal hosts" errors...

Check your network for
systems/routers/printers/switches/coffee-makers/soda-machines that have DHCP
enabled..    

 :)

Amin Tora, CISSP
ePlus Technology
http://www.eplus.com
NASDAQ: PLUS
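
An added example, not part of the original message: a Python sketch that reads `fw lichosts` output, puts the reversed `host:` field back in normal order, checks it against `src:`, and lists the counted hosts that fall in 169.254.0.0/16. The line layout is assumed from the single entry quoted above, with each entry on one line; the sample lines other than that entry are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Layout assumed from the single entry quoted in the message above.
ENTRY = re.compile(
    r"^(?P<iface>\S+)\s+(?P<date>\S+)\s+(?P<time>[\d:]+)>\s+"
    r"host:(?P<host>\S+)\s+src:(?P<src>\S+)\s+dst:(?P<dst>\S+)"
)
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # DHCP-failure autoconfig range

# Constructed sample: the first line is the entry from the message, the rest are made up.
SAMPLE = """\
El90 24/4/2001 21:56> host:90.12.254.169 src:169.254.12.90 dst:169.254.255.255 proto:udp sport:nbdatagram dport:nbdatagram
El90 24/4/2001 21:58> host:17.44.254.169 src:169.254.44.17 dst:169.254.255.255 proto:udp sport:nbdatagram dport:nbdatagram
El90 24/4/2001 22:03> host:20.1.168.192 src:192.168.1.20 dst:192.168.1.255 proto:udp sport:nbname dport:nbname
this line is not a lichosts entry
"""

def unreverse(host):
    """Return the host: field with its octets put back in normal order."""
    return ".".join(reversed(host.split(".")))

def summarize(text):
    """Group counted hosts by interface; list link-local and inconsistent entries."""
    hosts = defaultdict(set)
    link_local, mismatched, skipped = [], [], 0
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            skipped += 1
            continue
        try:
            addr = ipaddress.ip_address(unreverse(m["host"]))
        except ValueError:  # host: field is not a dotted IPv4 address
            skipped += 1
            continue
        hosts[m["iface"]].add(str(addr))
        if str(addr) != m["src"]:  # host: should be src: read backwards
            mismatched.append(line)
        if addr in LINK_LOCAL:
            link_local.append(str(addr))
    return {"hosts": {k: sorted(v) for k, v in hosts.items()},
            "link_local": sorted(set(link_local)),
            "mismatched": mismatched, "skipped": skipped}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```
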


