[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] IP 650 with NG FP2 weird CVP problem
> Hello everybody, > > I'm implementing a Nokia IP 650 with TrendMicro VirusWall 3.5 using > Checkpoint Firewall-1 FP2. I did everything "by the book" and everything > was working fine. Life was beautiful until last week. The firewall decided > not to complete any more CVP connections and not log the reason. > > When i start a connection from the client, the Security Server intercepts > the request, but does not complete it with the destination. If I start a > ftp connection, for example, I get the "connection to host lost" message > at the client even before receiving any ftp welcome messages. I checked > the following: > > 1) The firewall has connectivity with the internet. > > 2) All licenses are OK. > > 3) When not using the resource (no CVP), the protocols HTTP, HTTPS, FTP > and SMTP work fine. > > 4) As I told you, there are no log entries > > 5) Using the fw monitor command, I noticed 4 SYN packets going from the > client to the destination, but no answer... > > 6) fw stat shows everything fine. > > I was wondering if there is any problem with the Security Servers. I tried > finding documentation on checking if they are running without success. > Maybe someone can give me a hand... Also, if there is an extra log (there > is no $FWDIR/log/aftpd.log file...) on the NOKIA that any of you know > about. > > Something else: I noticed something strange. When running the fwssd > command i got the following: > > # fwssd in.aftpd > fw: no license for 'auth' > fw: no license for 'content' > No License for auth services > accept_and_error: accept(0) failed: Socket operation on non-socket > # > > Weird, since all my licenses are OK. > > Any clues? > > Regards > > Daniel Accioly Rosa > CISSP, CCSE, MCP > Consultant > Global Infrastructure Services > Phone :55+(21) 3804-5110 > Net : 692-5110 > UNISYS Imagine it. Done. > > This message, including its attachments, is confidential and its contents > are restricted to the addressee. If you have received this message by > accident, please discard its contents by removing it from your mailbox. > Any unauthorized use of this message, replication or dissemination is > expressely prohibited. Unisys is not responsable for the content or > reliability of this information.. > ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|