NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Firewall and RH 7.0

Hello,

The problems Guy was referencing to in previous mail was the following:

- hundreds of ports remaining in the CLOSED state forever, ending up in a
system crash.

This occurred only with the Thunderlan NIC driver which is by the on-board
NIC used by Proliant 1600 systems for example.

The solution there was to use another NIC (NC3120 for example) using the
EhterXpress driver: eepro100

An interesting pointer for hardware/drivers info:
www.linuxhardwaredatabase.com

Best regards,

Patrick Dewilde

Best Regards, Cordialement, Met Vriendelijke Groeten

Patrick DEWILDE
COMPAQ Global Services

-----Original Message-----
From: Sommariva Graziano [mailto:[email protected]]
Sent: Friday, October 19, 2001 12:55 PM
To: [email protected]
Subject: Re: [FW-1] Firewall and RH 7.0


Hello,

I have a Compaq DL380 server.
On Compaq FTP site are present source code for NIC drivers, but I'm relutant
in reconpile the kernel.

Anyway I don't see an error on NICs.

Plese give me more details as soon as You'll heve 'em.

Best Regards,


-----Original Message-----
From: Roelandts, Guy [mailto:[email protected]]
Sent: Friday, October 19, 2001 9:21 AM
To: [email protected]
Subject: Re: [FW-1] Firewall and RH 7.0


Graziano,

   I know that one of my colleagues experienced some strange things with
 a Linux (but 6.2) and CheckPoint combination, it ended up to be a problem
 with the NIC driver, since we updated them no problems anymore. Sorry
 but he is absent for the moment and can't provide you more details.

Met vriendelijke groeten - Bien à vous - Kind regards

Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options  3 - 3 - 1)
Fax: +32(02)729.77.65

=====================================================================
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally
addressed. The content of this message may contain private views and
opinions which do not constitute a formal disclosure or commitment
unless specifically stated. Should you receive this message by mistake
please inform the sender immediately.
=====================================================================



-----Original Message-----
From: Sommariva Graziano [mailto:[email protected]]
Sent: Wednesday, October 17, 2001 5:12 PM
To: [email protected]
Subject: Re: [FW-1] Firewall and RH 7.0


The box is Compaq DL380 and I think it has Intel 100Pro.
I will schedule the kernel upgrade "asap" and then I'll let you know.

Best Regards,


-----Original Message-----
From: Claes Jansson [mailto:[email protected]]
Sent: Wednesday, October 17, 2001 2:34 PM
To: [email protected]
Subject: Re: [FW-1] Firewall and RH 7.0


Hi,

i mean what brand and type. There are nics that work fine and nics that
don't work very well (Nic = Network Interface Card).

I think u should do this:

a) Upgrade the kernel to the latest version supplied from RedHat.

ftp://ftp.redhat.com/pub/redhat/linux/updates/7.0/en/os/i686/kernel-smp-2.2.
19-7.0.8.i686.rpm

b) If that not works try the non-SMP kernel:

ftp://ftp.redhat.com/pub/redhat/linux/updates/7.0/en/os/i686/kernel-2.2.19-7
.0.8.i686.rpm

c) If still no progress be sure to check that your nic's are listed in
Checkpoints HCL. I recomend Intel 100Pro or 3Com90x. They always work fine
on linux.

best regards.

         //Claes Jansson



At 13:36 2001-10-17 +0200, you wrote:
>Claes,
>
>What do you mean by "What nic's are u running?" ?I have 3 ethenret
>configured and there are no errors on the interfaces.
>
>The SMP kernel is intalled for default since i have a two cpu system.
>CP claims to support RH 7.0 SMP kernel.
>
>My kernel is: 2.2.16-22smp #1 SMP
>The system works really fine and performing.
>Do you think i should intall some kernel upgrade?
>I dod not patch anything on the system after the first installation.
>
>What happens if a have 2 CPUS running a non SPM kernel.
>Is the NON SMP kerner present on the system or I have to recompile it?
>
>Best Regards,
>
>
>-----Original Message-----
>From: Claes Jansson [mailto:[email protected]]
>Sent: Wednesday, October 17, 2001 11:58 AM
>To: [email protected]
>Subject: Re: [FW-1] Firewall and RH 7.0
>
>
>What nic's are u running?
>
>And have u tried with a non-smp kernel? Check this to be sure that it's not
>the SMP kernel that mess things up.
>
>Im currently running i similar enviroment (~2000 users) Rh7 (2.2.19-7.0.8)
>+ Cpfw4.1-sp5. My firewall cpu-load is less than 0.1. But im not running
>any VPN traffic from the firewall. Hardware is (P3-1Ghz, 256Mb RAM, 2x
>Intel Dual Port 100 Pro NIC's, Asus CUSL2-C Motherboard).
>
>best regards.
>
>          //Claes Jansson
>
>At 09:32 2001-10-17 +0200, you wrote:
> >On the system there is a squid proxy(configured with no disk cache).
> >The squid load is about 45 http_req/s during the day, with about 3000
>users.
> >
> >The system has 512MB RAM and 2 1000Mz Intel CPUs.
> >
> >Best Regards,
> >
> >
> >-----Original Message-----
> >From: Claes Jansson [mailto:[email protected]]
> >Sent: Tuesday, October 16, 2001 9:05 PM
> >To: [email protected]
> >Subject: Re: [FW-1] Firewall and RH 7.0
> >
> >
> >What load are we talking about? Users and Bandwidth.
> >
> >best regards,
> >
> >          //Claes Jansson
> >
> >At 18:28 2001-10-16 +0200, you wrote:
> > >I spoke too early...the problem still remains.
> > >It happens during the day with higher system load.
> > >
> > >
> > >Bes Regards,
> > >
> > >
> > >
> > >-----Original Message-----
> > >From: Sommariva Graziano [mailto:[email protected]]
> > >Sent: Tuesday, October 16, 2001 10:19 AM
> > >To: [email protected]
> > >Subject: Re: [FW-1] Firewall and RH 7.0
> > >
> > >
> > >After ugrading to SP5 no more problems, besides SP3 did not claim to
> >support
> > >7.0 multiprocessor kernel.
> > >
> > >Best Regards,
> > >
> > >
> > >-----Original Message-----
> > >From: Jochen Höchner [mailto:[email protected]]
> > >Sent: Monday, October 15, 2001 11:30 PM
> > >To: [email protected]
> > >Subject: Re: [FW-1] Firewall and RH 7.0
> > >
> > >
> > >no works fine !!!
> > >do you have enough RAM and hard disk space ???
> > >
> > ><<< Sommariva Graziano <[email protected]> 10/15  5:36p >>>
> > >Did you have my same problem in sp3?
> > >
> > >Best regards,
> > >
> > >
> > >-----Original Message-----
> > >From: António Cardoso [mailto:[email protected]]
> > >Sent: Monday, October 15, 2001 4:26 PM
> > >To: [email protected]
> > >Subject: Re: [FW-1] Firewall and RH 7.0
> > >
> > >
> > >
> > >Try with sp4 or sp5 i've managed to put one to work with sp4 and
another
> > >with sp5
> > >
> > >António Cardoso
> > >[email protected]
> > >
> > >
> > >-----Original Message-----
> > >From: Sommariva Graziano [ mailto:[email protected]
> > ><mailto:[email protected]> ]
> > >Sent: Monday, October 15, 2001 2:44 PM
> > >To: [email protected]
> > >Subject: Re: [FW-1] Firewall and RH 7.0
> > >
> > >
> > >I do agree in part.
> > >
> > >I did excatly what you say, but the system hang 50% of time while
>intalling
> > >new polices from ManST. It works fine, if it does not freeze.
> > >
> > >Best regards,
> > >
> > >-----Original Message-----
> > >From: Jochen Höchner [ mailto:[email protected]
> > ><mailto:[email protected]> ]
> > >Sent: Thursday, October 11, 2001 6:51 PM
> > >To: [email protected]
> > >Subject: Re: [FW-1] Firewall and RH 7.0
> > >
> > >
> > >oh, it's no problem.
> > >1st you gotta install the rh 7, then the check point 4.1 for linux, but
> > >don't start it. after a service pak install sp3 and later it works
>without
> > >any problem.
> > >
> > ><<< Aeon Hale <[email protected]> 10/11 12:55p >>>
> > >I'm trying to get Checkpoint installed on RH 7.0.  It's being a pain.
>Basic
> > >RH installation.  In fact, off the 4.1, SP2 Checkpoint CD, rpm -ih
>***.rpm
> > >works great.  It installs Base version of checkpoint no problem, i
think
> > >version 414**...not sure of the rest.  Anyway, I get it all setup,
> >licensed,
> > >users, gui-clients, etc....reboot...no prob.  I goto upgrade to SP2 or
>SP3,
> > >it doesn't like that.  Says it need CPfw-1 installed first.  I run  rpm
>-u
> > >..rpm  --nodeps (which usually works in the past) and it
> > >installs....doesn't seem to be giving me grief.  I goto reboot...KERNEL
> > >PANIC...
> > >
> > >I know somebody out that has successuflly installed this on 7.0.  I've
>done
> > >6.2 way too many times and I'd be happy to stick with it, but RH 6.2
> >doesn't
> > >like my AMD Athlon CPU.
> > >
> > >Any help would be appreciated.
> > >
> > >Thanks,
> > >
> > >Aeon Hale
> > >Security Engineer
> > >CCSA,CCSE,CCSI
> > >Accenture
> > >
> > >
> >
>
>===========================================================================
> >=
> > >
> > >====
> > >      To unsubscribe from this mailing list, please see the
instructions
>at
> > >                http://www.checkpoint.com/services/mailing.html
> > ><http://www.checkpoint.com/services/mailing.html>
> >
>
>===========================================================================
> >=
> > >
> > >====
> > >
> >
>
>===========================================================================
> >=
> > >
> > >====
> > >      To unsubscribe from this mailing list, please see the
instructions
>at
> > >                http://www.checkpoint.com/services/mailing.html
> > ><http://www.checkpoint.com/services/mailing.html>
> >
>
>===========================================================================
> >=
> > >
> > >====
> > >
> > >===============================================
> > >To unsubscribe from this mailing list,
> > >please see the instructions at
> > >http://www.checkpoint.com/services/mailing.html
> > ><http://www.checkpoint.com/services/mailing.html>
> > >===============================================
> > >
> > >===============================================
> > >To unsubscribe from this mailing list,
> > >please see the instructions at
> > >http://www.checkpoint.com/services/mailing.html
> > >===============================================
> > >
> > >===============================================
> > >To unsubscribe from this mailing list,
> > >please see the instructions at
> > >http://www.checkpoint.com/services/mailing.html
> > >===============================================
> > >
> > >===============================================
> > >To unsubscribe from this mailing list,
> > >please see the instructions at
> > >http://www.checkpoint.com/services/mailing.html
> > >===============================================
> > >
> > >===============================================
> > >To unsubscribe from this mailing list,
> > >please see the instructions at
> > >http://www.checkpoint.com/services/mailing.html
> > >===============================================
> > >
> > >===============================================
> > >To unsubscribe from this mailing list,
> > >please see the instructions at
> > >http://www.checkpoint.com/services/mailing.html
> > >===============================================
> >
> >===============================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >===============================================
> >
> >===============================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >===============================================
>
>===============================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>===============================================
>
>===============================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.