[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] AW: [FW-1] HTTP security server woes on NG... frustration level r ising...
Abe, Sometimes, the error messages being posted to the list are really hard to verify or just only popping up under very specific conditions, and so nobody is able to bring up a solution as fast and easy as you perhaps expect. Well, the "bad socket/type" stuff is such a case. Probably, it's a good idea to not only provide your Solaris and FW-1 version but also the hardware you are running. This sometimes gives us a better chance to come up with an idea... However, I would at least apply the latest Sun patch cluster for Solaris 8 and upgrade to Feature Pack 2, as it fixes many bugs and slightly changes the way NG works. Take a look at the FP2 Release Notes to get an understanding what was changed or enhanced by Check Point: http://www.checkpoint.com/support/downloads/docs/firewall1/ng/fp2/CPSuiteNG- FP2-RN.pdf. There are also enhancements regarding HTTP Security Server. At least with the last part of your e-mail I may help you out. The file /opt/CPfw1-50/conf/netso.ini has to do with the UserAuthority server in FW-1 which is used to authenticate and authorize network and web apps. The file (which I think is an abbreviation for network sign-on) carries some definitions for authentication properties regarding Windows domains (e.g. equality of authentication domains). Check out http://www.checkpoint.com/support/downloads/docs/firewall1/ng/fp2/UserAuthor ity.pdf for more information. Hope that helps a bit. Regards. Norbert -----Ursprüngliche Nachricht----- Von: Abe L. Getchell [mailto:[email protected]] Gesendet: Freitag, 7. Juni 2002 19:11 An: [email protected] Betreff: [FW-1] HTTP security server woes on NG... frustration level rising... Greetings all, I'm having an issue with the HTTP security server (trying to do some URL filtering) and I'm hoping someone has come up with a solution to this, 'cause I'm finding lots of people asking the question but no one offering a solution. I'm running FireWall-1 NG FP1 on Solaris 8 in 64-bit mode. The original problem was that I was receiving a lot of "error in accept statement: Too many open files" errors in ahttpd.elog. Searched on Google, came up with a fix (added "set rlim_fd_max=32768" and "set rlim_fd_cur=4096" in /etc/system - as well as a number of other tweaks I found in a performance tuning guide on Checkpoint's web site), and I'm no longer receiving that error message. Instead, I'm now receiving and equally large number of the following: T_get_event: bad socket/type: 1075/0 T_get_event: bad socket/type: 1076/0 T_get_event: bad socket/type: 1076/0 T_get_event: bad socket/type: 1077/1 T_get_event: bad socket/type: 1077/1 T_get_event: bad socket/type: 1078/1 T_get_event: bad socket/type: 1078/1 T_get_event: bad socket/type: 1079/0 T_get_event: bad socket/type: 1079/0 T_get_event: bad socket/type: 1080/0 T_get_event: bad socket/type: 1080/0 T_get_event: bad socket/type: 1081/0 T_get_event: bad socket/type: 1081/0 T_get_event: bad socket/type: 1082/0 T_get_event: bad socket/type: 1082/0 Seems to be incrementing port numbers, but I'm not sure why it would be saying that it couldn't bind a socket to that port... if that indeed is what it's saying. =) Anywho, has anyone ran across this and come up with a fix? I'm also receiving tons of "Cannot connect to WWW-server: Transport endpoint is not connected" errors in ahttpd.elg. From what I can find after some searching is that this is a "normal" error which could mean that a user might have hit "Cancel" while a page was loading or in some other way broke the connection. Is this true? If it is, how can I keep the log from being flooded with these? Last but not least, I'm also receiving the following entries in ahttpd.elg: cpsc: Unable to find default lang tag Could not open file /opt/CPfw1-50/conf/netso.ini Everything works fine regardless of these errors, but what is netso.ini and SHOULD it have been created somehow during the installation or configuration of the firewall? Thanks, Abe -- Abe L. Getchell Security Engineer [email protected] ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|