
Re: [FW-1] Another--License Count for Firewall-1



Manuel,

I don't think that the 2 issues are related.

I've had a lot of problems with the first issue - "Too many internal hosts
detected" - so the rest of this message refers only to that problem.

318 is the number of hosts that FW-1 has detected.

It is possible, and the first thing to check, in a UNIX version of FW-1, is
that you have the correct external network interface name in the file
$FWDIR/conf/external.

If the external interface is properly referenced, then it could well be a
licensing issue.

The problem is that FW-1 is licensed using a system of logging "nodes". FW-1
defines a node as any I.P. address that is within the encryption domain(s)
(and thus being protected) of the firewall. Thus, it counts printers as
well as P.C.s, and also non-Windows machines using the IP protocol, that it
detects. FW-1 maintains a constantly updated list of these "nodes" - when it
discovers a new one it adds it to the list.
Worst of all, it seems to detect external IP addresses, which could be on
your network because they've hacked in (unlikely), but are generally due to
client / satellite software such as AOL / Yahoo / MSN messenger services,
since these clients are, apparently, configured to send the remote server's
IP address, with a port identifying the client, instead of their own
address.

There is also an issue with DHCP, since FW-1 does not integrate with your
DHCP server and will log the new IP addresses as well as the old ones. This
is a result of the constantly updated list of local hosts, which, if left
unchecked, will, subject to your license limitations, continually grow. So,
if your DHCP leases are too short, e.g. 1 week, then, in that week, it is
possible that FW-1 will log the same PC twice, because its IP address has
changed.

However, on the upside, you can clear the hosts count very easily!!!

All you have to do is delete the 2 files fwd.h and fwd.hosts.
www.phoneboy.com shows how to do this for a UNIX box:

fwstop
rm $FWDIR/database/fwd.h $FWDIR/database/fwd.hosts
fwstart

If you have floodgate, you will, of course, also need to re-start that too.

Hope this is helpful, I would refer to www.phoneboy.com for further
information.
----------------------------------------------------------------------------

Mitchell Silver
Calculus Solutions Ltd
Calculus House
6 Hampstead Gate
1A Frognal
London  NW3 6AL
United Kingdom

Tel:    +44 (0) 20 7435 0070
Fax:    +44 (0) 20 7794 1199
Mob:    +44 (0) 07967 094 953

Email:[email protected]


-----Original Message-----
From: GARRIDO, MANUEL [mailto:[email protected]]
Sent: 10 October 2001 12:34
To: [email protected]
Subject: [FW-1] Another--License Count for Firewall-1

hi all

I have a license for 250 hosts, although we really are using less than 150
hosts, but often I receive messages like this:

Oct  1 09:25:38 xx xxxxxx: FW-1: too many internal hosts (318)
detected

I have already read all the mails in the Firewall-1 list about this, and nothing
has resolved my problem.
These messages appear in the morning, always when the employees begin to
work with our computers.
When I show the addresses that Firewall-1 is counting, with the "fw lichosts"
command, some addresses appear
that we used some time ago but that aren't being used now.
Also, in this listing appear several public addresses that don't belong to
our company.

At the end of this listing these messages are showing:

Oct  1 09:25:38 xxxxxxxxx sendmail[1758]: My unqualified host name
(xxxxxxxxx) unknown; sleeping for retry
Oct  1 09:26:38 xxxxxxxxx sendmail[1758]: unable to qualify my own domain
name (xxxxxxxxx) -- using short name

The DNS system isn't set up on our firewall because we have considered that it
isn't necessary.


My questions are:

Is the DNS problem connected with the license count problem?
Has anyone had a problem like this?

thanks for your answers.


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

_____________________________________________________________________
This message has been checked for all known viruses by Star Internet
delivered through the MessageLabs Virus Scanning Service. For further
information visit http://www.star.net.uk/stats.asp or alternatively call
Star Internet for details on the Virus Scanning Service.
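
Added example, not part of the original messages and not Check Point code: a small audit of the counted-host list discussed in this thread, which pulls the reported count out of the syslog alert and separates addresses inside the protected networks from foreign ones before anyone deletes the host files. It assumes the addresses from the "fw lichosts" listing have been saved one per line; the 10.1.0.0/16 network, the sample addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Alert wording as quoted in the original message; \s+ tolerates the line wrap.
ALERT_RE = re.compile(r"FW-1: too many internal hosts \((\d+)\)\s+detected")

def detected_count(syslog_text):
    """Return the highest host count reported by FW-1 alerts, or None."""
    counts = [int(m.group(1)) for m in ALERT_RE.finditer(syslog_text)]
    return max(counts) if counts else None

def audit_hosts(host_lines, internal_nets, licensed, reported):
    """Classify counted addresses and compare the reported count to the license."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    internal, foreign, invalid = set(), set(), []
    for raw in host_lines:
        text = raw.strip()
        if not text:
            continue
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            invalid.append(text)  # keep unparseable lines for manual review
            continue
        (internal if any(addr in n for n in nets) else foreign).add(addr)
    order = lambda a: (a.version, int(a))  # stable sort across IPv4/IPv6
    return {
        "over_license_by": max(0, (reported or 0) - licensed),
        "internal": [str(a) for a in sorted(internal, key=order)],
        "foreign": [str(a) for a in sorted(foreign, key=order)],
        "invalid": invalid,
    }

# Constructed sample data (assumption): not real output from any firewall.
SAMPLE_SYSLOG = """Oct  1 09:25:38 xx xxxxxx: FW-1: too many internal hosts (318)
detected
Oct  1 09:26:38 xxxxxxxxx sendmail[1758]: unable to qualify my own domain name
"""
SAMPLE_HOSTS = ["10.1.4.20", "10.1.4.21", "10.1.9.7", "198.51.100.7",
                "203.0.113.20", "10.1.4.20", "not-an-address"]

def run_sample():
    """Audit the constructed sample against a 250-host license."""
    reported = detected_count(SAMPLE_SYSLOG)
    return reported, audit_hosts(SAMPLE_HOSTS, ["10.1.0.0/16"], 250, reported)

if __name__ == "__main__":
    print(run_sample())
```

Foreign entries in the result are the ones worth explaining (wrong external interface, messenger-style clients, or something unexpected) before the list is reset.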




 