Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Cannot Compile

To: [email protected]
Subject: Re: [FW-1] Cannot Compile
From: "Chontzopoulos, Dimitris" <[email protected]>
Date: Thu, 20 Dec 2001 13:39:04 +0200
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

You Said:

* When we do a compile on the FW-1 after changing, we found the
* following
* error :
*
* Standard.W: Security Policy Script generated into Standard.pf
* Standard:
* "C:\WINNT\FW\conf\Standard.pf", line 584: ERROR: macro
* identifier <smtp>
* redefined
* "C:\WINNT\FW\conf\Standard.pf", line 629: ERROR: cannot
* expand macro <smtp>
* "C:\WINNT\FW\conf\Standard.pf", line 692: ERROR: cannot find
* <table_target_list9> anywhere
* Compilation Failed.

Have you changed the IP address of the FW lately or the FW itself? Have you
changed the IP address of the Mail Server lately? Have you upgraded to a
higher level of SP lately? If so then you are in BIG trouble.

1.      Open the Policy Editor, Double click the FW object, do a GET at the
Interfaces. Re-created anti-spoofing rules (if you had those previously
created), Save the Policy (do not install it yet)
2.      DELETE ALL SMTP RESOURCES, save the Policy (do not install it yet)
3.      Delete the mail server object, save the policy (do not install it
yet)
4.      Unplug your FW off the Internet (if this can be done)
5.      Install the Policy

I may be wrong about all these, maybe you should wait until someone else
posts a reply before taking any further actions. I have seen this before
though and it happened to me 5 months ago. We just wanted to upgrade to FW1
4.1 SP3 while installing the Server (NT) from scratch. What we did was copy
the files from the OLD FW (the one soon to be F.U.B.A.R. "Tango & Cash") to
a PIII Compaq Desktop having FW1 installed. What we came accross afterwards,
i just can't explain in English (only in Bad English)... Never mind... After
12 hours (thank GOD, the upgrade didn't start immediately) we managed to
bring it online and operational. We had the same problem you had. Ours was
FW1 4.1 SP0, copied the rulebase to FW1 CP2000 (4.1) SP3, HELL visited us...

>From what i can imagine you did an upgrade to the FW (higher SP) or you
changed the IP address or something like that.


-----Original Message-----
From: Suriyanto Limah [mailto:[email protected]]
Sent: Thursday, December 20, 2001 12:54 PM
To: [email protected]
Subject: Re: [FW-1] Cannot Compile


Hi Dimitris,

I have changed, however the same error still appeared.

Regards,
Suriyanto







"Chontzopoulos, Dimitris" <[email protected]> on
12/20/2001 03:59:30 PM

Please respond to Mailing list for discussion of Firewall-1
      <[email protected]>








 To:      [email protected]

 cc:      (bcc: Suriyanto Limah/AIN/ACI)



 Subject: Re: [FW-1] Cannot Compile









For starters, the "Action" shouldn't be "Reject". The "Action" on resources
should always be "Drop".
IMHO the "Match Sender" should be "*{*@vhost*}*". I may be wrong though...

-----Original Message-----
From: Suriyanto Limah [mailto:[email protected]]
Sent: Thursday, December 20, 2001 4:46 AM
To: [email protected]
Subject: Re: [FW-1] Cannot Compile


Hi..

I have created a resource :

          Name: AntiSpamming
          Exception Track: None
          Match Sender: {*@vhost.*}
          Don't Accept Mail Larger Than 1000 KB
          CVP (no server installed)
          CVP None
          Allowed Chars: 8-bit

With the two following roule:

Source Destination   Service                  Action    Install on
any    SMTP            smtp->SMTP-AntiSpamming  Reject       OurFW



regards,
Suriyanto








"Roelandts, Guy" <[email protected]> on 12/19/2001 08:39:44 PM

Please respond to Mailing list for discussion of Firewall-1
      <[email protected]>








 To:      [email protected]

 cc:      (bcc: Suriyanto Limah/AIN/ACI)



 Subject: Re: [FW-1] Cannot Compile









Hi,

   Didn't you define something, like an object, that contains smtp
 in it ? I had this once and found out there a number of reserved
 words that you can't use.

   Just my 2 ??? cents

Met vriendelijke groeten - Bien ?  vous - Kind regards
Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65
==========================================================
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally
addressed. The content of this message may contain private views and
opinions which do not constitute a formal disclosure or commitment
unless specifically stated. Should you receive this message by mistake
please inform the sender immediately.
==========================================================


* -----Original Message-----
* From: Suriyanto Limah [mailto:[email protected]]
* Sent: 19 December 2001 11:18
* To: [email protected]
* Subject: [FW-1] Cannot Compile
*
*
* Dear All,
*
* When we do a compile on the FW-1 after changing, we found the
* following
* error :
*
* Standard.W: Security Policy Script generated into Standard.pf
* Standard:
* "C:\WINNT\FW\conf\Standard.pf", line 584: ERROR: macro
* identifier <smtp>
* redefined
* "C:\WINNT\FW\conf\Standard.pf", line 629: ERROR: cannot
* expand macro <smtp>
* "C:\WINNT\FW\conf\Standard.pf", line 692: ERROR: cannot find
* <table_target_list9> anywhere
* Compilation Failed.
*
* What's wrong with this error?
*
* Thanks in advanced for any idea.
*
* best regards,
* Suriyanto
*
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Cannot Compile
  - From: Volker Tanger <[email protected]>

Prev by Date: Re: [FW-1] License for Client-to-Site VPN.
Next by Date: Re: [FW-1] Nat'ing a single service on NT
Previous by thread: Re: [FW-1] Cannot Compile
Next by thread: Re: [FW-1] Cannot Compile
Index(es):
- Date
- Thread