NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] FW1: only 256 internal hosts allowed



I have fixed this 2 times this month. I don't know if it will work with
SP1 Try the following......

Error: "FW-1: too many internal hosts detected" /var/log/messages file
contains entries with an error message, even though the number of
protected hosts does not exceed the licensed number.

A bug causes the 'lichosts' table to list the IP addresses of the
protected hosts both correctly and backwards, thus effectively doubling
the number of protected hosts and potentially causing license violation.


Upgrade to FireWall-1 4.1 SP4 or obtain the Hotfix for SP3 You may need
to get this from Nokia's website..

https://support.nokia.com/knowledge/frmResolutionView.jsp?ResolutionId=6
664

License Hotfix Update - We applied the following hotfix. Build number
verifies:
 
Backup fwmod.o located in /var/admin/old/fwmod.o
 
HOSTNAME[adminaccount]# fw ver -k
This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 Build 41821
[VPN + DES + STRONG]
kernel: Version 4.1 [VPN + DES + STRONG] Build 3413101
 
Notes follow:
 
 
Hot Fix 3413101
=================================
 
Overview
--------
This Hot Fix should be installed over FireWall-1 4.1 Service Pack 3
(IPSO 3.3).
This Hot Fix changes the files: $FWDIR/boot/modules/fwmod.o  
The new build number is 3413101 (to view run 'fw ver -k').
 
Hot Fix Availability 
-------------------------
The Hot Fix is available for Nokia IP Series Appliance (IPSO) ,
FireWall-1 Des and Strong encryption editions.
 
Bug Fixes 
---------
CR00028553 - Wrong host counting : too many internal hosts
 

Installation Instructions
-------------------------
1. Unzip the hotfix_3413101.tar.gz file
2. Backup your old $FWDIR/boot/modules/fwmod.o
3. Stop FireWall-1 by running 'fwstop'.
4. Change the the relevant (Des or Strong) file name to fwmod.o and Copy
it to $FWDIR/boot/modules.
5. Reboot !
6. Start FireWall-1 by running 'fwstart'.
 
 
Following the previous steps, we cleared the host count as follows
 
Clear the host count 
fwstop 
Remove $FWDIR/database/fwd.h and $FWDIR/database/fwd.hosts 
fwstart 

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of
Pulver, Richard
Sent: Thursday, August 02, 2001 5:56 AM
To: 'Volker Tanger'; [email protected]
Cc: [email protected]
Subject: RE: [FW1] FW1: only 256 internal hosts allowed



I have the same problem and I have tried everything on phoneboy's site.
It doesn't clear the problem. This is not a case where I would use RTFM,
Volker. I've had this problem for 6 months and neither myself nor my
reseller can figure it out. We've reviewed the external.if, the fwd.h,
and the fwd.hosts file according to CheckPoint and phoneboy with no
success. I've gone through the debug process several times. Each time I
end up banging my head against the wall. So please consider the fact
that this may not be as simple as reading the f%%^ing manual!!


Rich

-----Original Message-----
From: Volker Tanger [mailto:[email protected]]
Sent: Wednesday, August 01, 2001 10:12 AM
To: [email protected]
Cc: [email protected]
Subject: Re: [FW1] FW1: only 256 internal hosts allowed



Greetings!

[email protected] schrieb:

> we are running Firewall-1 4.1 SP 1 under Windows NT SP 5 with a 
> localnet
and
> DMZ. Everthing works fine.
> There just one thing that I don't understand: After starting the 
> Firewall-Service the following error messages occur in the system 
> event viewer
>
> FW1: FW-1: setting external interface to x
> FW1: FW-1: only 256 internal hosts allowed
>
> The problem is that we have only 170 internal hosts. external.if is 
> configured correctly.

It's a known problem, for explanation see:
    http://www.phoneboy.com/faq/0001.html

Or short: Checkpoint has problems counting correctly. For solution see:
    http://www.phoneboy.com/faq/0058.html

Bye
    Volker

PS:  RTFM? (here: RTFFAQ)
--

Volker Tanger  <[email protected]>
 Wrangelstr. 100, 10997 Berlin, Germany
    DiSCON GmbH - Internet Solutions
         http://www.discon.de/




========================================================================
====
====
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
====
====


========================================================================
========
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
========



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.