[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] FW1: only 256 internal hosts allowed
I have fixed this 2 times this month. I don't know if it will work with SP1 Try the following...... Error: "FW-1: too many internal hosts detected" /var/log/messages file contains entries with an error message, even though the number of protected hosts does not exceed the licensed number. A bug causes the 'lichosts' table to list the IP addresses of the protected hosts both correctly and backwards, thus effectively doubling the number of protected hosts and potentially causing license violation. Upgrade to FireWall-1 4.1 SP4 or obtain the Hotfix for SP3 You may need to get this from Nokia's website.. https://support.nokia.com/knowledge/frmResolutionView.jsp?ResolutionId=6 664 License Hotfix Update - We applied the following hotfix. Build number verifies: Backup fwmod.o located in /var/admin/old/fwmod.o HOSTNAME[adminaccount]# fw ver -k This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 Build 41821 [VPN + DES + STRONG] kernel: Version 4.1 [VPN + DES + STRONG] Build 3413101 Notes follow: Hot Fix 3413101 ================================= Overview -------- This Hot Fix should be installed over FireWall-1 4.1 Service Pack 3 (IPSO 3.3). This Hot Fix changes the files: $FWDIR/boot/modules/fwmod.o The new build number is 3413101 (to view run 'fw ver -k'). Hot Fix Availability ------------------------- The Hot Fix is available for Nokia IP Series Appliance (IPSO) , FireWall-1 Des and Strong encryption editions. Bug Fixes --------- CR00028553 - Wrong host counting : too many internal hosts Installation Instructions ------------------------- 1. Unzip the hotfix_3413101.tar.gz file 2. Backup your old $FWDIR/boot/modules/fwmod.o 3. Stop FireWall-1 by running 'fwstop'. 4. Change the the relevant (Des or Strong) file name to fwmod.o and Copy it to $FWDIR/boot/modules. 5. Reboot ! 6. Start FireWall-1 by running 'fwstart'. Following the previous steps, we cleared the host count as follows Clear the host count fwstop Remove $FWDIR/database/fwd.h and $FWDIR/database/fwd.hosts fwstart -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Pulver, Richard Sent: Thursday, August 02, 2001 5:56 AM To: 'Volker Tanger'; [email protected] Cc: [email protected] Subject: RE: [FW1] FW1: only 256 internal hosts allowed I have the same problem and I have tried everything on phoneboy's site. It doesn't clear the problem. This is not a case where I would use RTFM, Volker. I've had this problem for 6 months and neither myself nor my reseller can figure it out. We've reviewed the external.if, the fwd.h, and the fwd.hosts file according to CheckPoint and phoneboy with no success. I've gone through the debug process several times. Each time I end up banging my head against the wall. So please consider the fact that this may not be as simple as reading the f%%^ing manual!! Rich -----Original Message----- From: Volker Tanger [mailto:[email protected]] Sent: Wednesday, August 01, 2001 10:12 AM To: [email protected] Cc: [email protected] Subject: Re: [FW1] FW1: only 256 internal hosts allowed Greetings! [email protected] schrieb: > we are running Firewall-1 4.1 SP 1 under Windows NT SP 5 with a > localnet and > DMZ. Everthing works fine. > There just one thing that I don't understand: After starting the > Firewall-Service the following error messages occur in the system > event viewer > > FW1: FW-1: setting external interface to x > FW1: FW-1: only 256 internal hosts allowed > > The problem is that we have only 170 internal hosts. external.if is > configured correctly. It's a known problem, for explanation see: http://www.phoneboy.com/faq/0001.html Or short: Checkpoint has problems counting correctly. For solution see: http://www.phoneboy.com/faq/0058.html Bye Volker PS: RTFM? (here: RTFFAQ) -- Volker Tanger <[email protected]> Wrangelstr. 100, 10997 Berlin, Germany DiSCON GmbH - Internet Solutions http://www.discon.de/ ======================================================================== ==== ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ======================================================================== ==== ==== ======================================================================== ======== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ======================================================================== ======== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|