Re: [FW-1] Another--License Count for Firewall-1
Manuel,

I don't think that the 2 issues are related. I've had a lot of problems with the first issue - "Too many internal hosts detected" - so the rest of this message refers only to that problem.

318 is the number of hosts that FW-1 has detected. It is possible, and the first thing to check, in a UNIX version of FW-1, is that you have the correct external network interface name in the file $FWDIR/conf/external. If the external interface is properly referenced, then it could well be a licensing issue.

The problem is that FW-1 is licensed using a system of logging "nodes". FW-1 defines a node as any I.P. address that is within the encryption domain(s) (and, thus being protected) of the firewall. Thus, it counts printers as well as P.C.s, and also non-Windows machines using IP protocol, that it detects. FW-1 maintains a constantly updated list of these "nodes" - when it discovers a new one it adds it to the list.

Worst of all, it seems to detect external IP addresses, which could be on your network because they've hacked in (unlikely), but are generally due to client / satellite software such as AOL / Yahoo / MSN messenger services, since these clients are, apparently, configured to send the remote server's IP address, with a port identifying the client, instead of their own address.

There is also an issue with DHCP, since FW-1 does not integrate with your DHCP server and will log the new IP addresses as well as the old ones. This is as a result of the constantly updated list of local hosts, which, if left unchecked, will, subject to your license limitations, continually grow. So, if your DHCP leases are too short, e.g. 1 week, then, in that week, it is possible that FW-1 will log the same PC twice, because its IP address has changed.

However, on the up-side, you can clear the hosts count very easily!!! All you have to do is delete the 2 files fwd.h and fwd.hosts.
www.phoneboy.com shows how to do this for a UNIX box:

    fwstop
    rm $FWDIR/database/fwd.h $FWDIR/database/fwd.hosts
    fwstart

If you have floodgate, you will, of course, also need to restart that too.

Hope this is helpful. I would refer to www.phoneboy.com for further information.

Mitchell Silver
Calculus Solutions Ltd
Calculus House, 6 Hampstead Gate, 1A Frognal, London NW3 6AL, United Kingdom
Tel: +44 (0) 20 7435 0070
Fax: +44 (0) 20 7794 1199
Mob: +44 (0) 07967 094 953
Email:[email protected]

-----Original Message-----
From: GARRIDO, MANUEL [mailto:[email protected]]
Sent: 10 October 2001 12:34
To: [email protected]
Subject: [FW-1] Another--License Count for Firewall-1

Hi all,

I have a license for 250 hosts, although we are really using fewer than 150 hosts, but I often receive messages like this:

    Oct 1 09:25:38 xx xxxxxx: FW-1: too many internal hosts (318) detected

I have already read all the mails in the Firewall-1 list about this, and nothing has resolved my problem. These messages appear in the morning, always when the employees begin to work with our computers.

When I show the addresses that Firewall-1 is counting, with the "fw lichosts" command, some addresses appear that we used some time ago but that aren't being used now. Several public addresses that don't belong to our company also appear in this listing.

At the end of this listing these messages are shown:

    Oct 1 09:25:38 xxxxxxxxx sendmail[1758]: My unqualified host name (xxxxxxxxx) unknown; sleeping for retry
    Oct 1 09:26:38 xxxxxxxxx sendmail[1758]: unable to qualify my own domain name (xxxxxxxxx) -- using short name

The DNS system isn't set up on our firewall because we have considered that it isn't necessary.

My questions are: Is the DNS problem connected with the license count problem? Has anyone had a problem like this?

Thanks for your answers.

To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
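
The following is an added example, not part of the thread or of any Check Point tooling: a way to audit a saved host listing before clearing fwd.h and fwd.hosts, separating the external addresses and stale DHCP addresses described above from hosts that are really in use. The function name, the internal range 10.1.0.0/16, the active-address list and the sample listing are all constructed assumptions; the listing is treated as plain text containing dotted-quad addresses.

```python
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def audit_counted_hosts(listing, internal_nets, active, license_limit):
    """Classify the addresses found in a saved host listing (hypothetical helper).

    listing       -- text with the counted addresses (assumed: dotted quads)
    internal_nets -- CIDR strings for the networks behind the firewall
    active        -- addresses known to be in use now (e.g. current DHCP leases)
    license_limit -- number of hosts the license allows
    """
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    active = {ipaddress.ip_address(a) for a in active}
    seen = set()
    for match in IPV4.findall(listing):
        try:
            seen.add(ipaddress.ip_address(match))
        except ValueError:
            continue  # looks like an address but is not one (e.g. 999.1.1.1)
    # Addresses outside every internal network should not be counted at all;
    # many of them point at a wrong external interface or chat-client traffic.
    external = {a for a in seen if not any(a in n for n in nets)}
    internal = seen - external
    # Internal addresses nobody holds any more: typically old DHCP leases.
    stale = internal - active
    return {
        "counted": len(seen),
        "over_limit": len(seen) > license_limit,
        "external": [str(a) for a in sorted(external)],
        "stale": [str(a) for a in sorted(stale)],
        "live_internal": len(internal & active),
    }

# Constructed sample listing (documentation and private ranges only).
SAMPLE_LISTING = """\
10.1.1.10
10.1.1.11
10.1.1.57
10.1.2.200
192.0.2.44
198.51.100.9
"""

if __name__ == "__main__":
    report = audit_counted_hosts(
        SAMPLE_LISTING, ["10.1.0.0/16"], ["10.1.1.10", "10.1.1.11"], license_limit=5)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A large "external" list suggests checking $FWDIR/conf/external first; a large "stale" list points to DHCP churn, which clearing the two files resets.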