NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] external.if

Title: WG: [FW1] external.if
After going from an evaluation license for FW-1/VPN-1 4.1 SP4 configured as a Gateway-n
i received my Gateway-50 license. Up to that time it did not count the protected hosts
and after that it started counting both internal and external hosts agains the 50 host limit
 
I tried to stop FW-1/VPN-1 and delete the fwd.h and fwd.hosts file then verifiy
than the interface.if (not sure of the name and not in front of the FW right now)
contained the external interface name as reported by ipconfig and then restart the
FW without lock.
 
After a call to CheckPoint support they asked i try the following solution and it worked:
 
1- "FW tab -t host_table -x" to clear the list of host (Maybe hosts_table)
2- Stop the FW
3- Delete the fwd.h and fwd.hosts files
4- Restart the FW
 
since that no problem, FW lichosts just report internal interfaces hosts but
since there is a router just in front of the external interface, the FW never
receive broadcast so i dont know if it would count external hosts which broadcast
again the licence count.
 
Yves Belle-Isle
----- Original Message -----
Sent: Friday, September 28, 2001 06:32
Subject: WG: [FW1] external.if

Hi Scott,

we have the same Problem. We've tested the workaround written by Mona Rao too, but the effect dosn't keeping a long time. Overnight there's no possibility to connect to the internet. In Release Notes of FW1 SP5 you'll find Fixes and Improvements at page 6 point 33: "External hosts that send broadcast packets are not counted for the license check." But it still doesn't work.

I've contacted the checkpoint support three days ago, but thy don't answer me! Can anyone tell us what we can do to make the machine know not to count external hosts as protected hosts ?

best greetings

-----Ursprüngliche Nachricht-----
Von: Rao, Mona [mailto:[email protected]]
Gesendet: Donnerstag, 27. September 2001 01:22
An: Scott Kellerman; [email protected]
Betreff: RE: [FW1] external.if



Scott,

I experienced a similar issue.  What I needed to do was to delete two files
in the database directory of the fw. The path being: $FWDIR/database, do a
full listing of the files.

They are: fwd.h and fwd.hosts

After that stop and start firewall.

Hope that helps.

-----Original Message-----
From: Scott Kellerman [mailto:[email protected]]
Sent: Wednesday, September 26, 2001 1:38 PM
To: [email protected]
Subject: [FW1] external.if



Hi,

I'm in the process of loading CP 4.1.  During the installation, CP complains

that it does not recognize the elxl interface, and asks that I put it in
manually.  I did that, and in a test environment, everything seems to work.

After putting the firewall in place, although it works fine, I get messages
saying that we have more hosts behind the firewall than we are licensed for.

  We have a 100 user license, and we are not close to that many machines
behind the firewall.  When I look to see what the IP's it is talking about,
it turns out that they are outside IP's that are coming in from the
internet, thus it is counting any incoming IP's against our license.  I
checked the external.if file, and it shows the correct interface (elxl0). 
Can anyone tell me what I can do to make the machine know not to count
external hosts as protected hosts ?  The cards we are using are common 3com
cards.  We are running Solaris 7, on a Dell X86 machine.

Thanks....

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.