Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Follow-up questions - Re: [FW-1] Management Station not listening on tcp/257

To: [email protected]
Subject: [FW-1] Follow-up questions - Re: [FW-1] Management Station not listening on tcp/257
From: Shawn Duffy <[email protected]>
Date: Sat, 23 Aug 2003 08:16:32 -0400
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I have been browsing around the 'Net and according to Phoneboy's
FireWall-1 FAQ, FW-1 4.1 processes should run as Administrator, NOT the
Local System Account...  Is this true, could this be the problem with the
log daemon dying every two hours because of file locks??  I am more of a
Unix guy than Windows so please excuse any ignorance of Windows systems
accounts...

Thanks in advance!!

shawn
pakkit at codepiranha dot org

On Fri, 22 Aug 2003, Shawn Duffy wrote:

> No, the only stations sending logs to the Management station are the 2
> Check Point modules...
>
> shawn
> pakkit at codepiranha dot org
>
> On Fri, 22 Aug 2003, Mark Ward wrote:
>
> > do you have any of your cisco routers sending to the same station as well as
> > I have seen instances where syslog messages from ciscos have messed with the
> > log viewer
> > ----- Original Message -----
> > From: "Shawn Duffy" <[email protected]>
> > To: <[email protected]>
> > Sent: Friday, August 22, 2003 5:47 PM
> > Subject: [FW-1] Management Station not listening on tcp/257
> >
> >
> > > All:
> > >
> > > We have had a problem for quite a while in our environment and I am trying
> > > desperately to fix it.  Yes, we will be upgrading to NG soon, but this is
> > > a very vital firewall so we are taking it very slowly.
> > >
> > > Anyway, here is the setup:
> > >
> > > Two HiAv Nokia 530s running FireWall-1 4.1
> > > One Windows 2000 4.1 Management station
> > >
> > > Every four hours or so, the manager stops listening on port 257 and, of
> > > course, starts sending RSTs to the modules when they try to log.  So we
> > > end up restarting the manager and logging resumes.  When it crashes, I am
> > > seeing the following messages in the Application Logs on the Manager:
> > >
> > > FireWall-1: failed to read log header !!: The process cannot access the
> > > file because another process has locked a portion of the file.
> > >
> > > There are a ton of these in the Event Viewer right around the time the
> > > logging mechanism on the manager crashes and stops listening.
> > >
> > > Now, the firewall modules so send a TON of logs back to the manager, so is
> > > it possible that it is simply the large amount of traffic that is crashing
> > > the log daemon?
> > >
> > > Or, what processes could be simultaneously trying to access the file?
> > >
> > > Anyone seen this before?
> > >
> > > Thanks in advance!
> > >
> > > shawn
> > > pakkit at codepiranha dot org
> > >
> > > =================================================
> > > To set vacation, Out-Of-Office, or away messages,
> > > send an email to [email protected]
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > [email protected]
> > > =================================================
> > >
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
> >
>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] Management Station not listening on tcp/257
  - From: Shawn Duffy <[email protected]>
- Re: [FW-1] Management Station not listening on tcp/257
  - From: Mark Ward <[email protected]>
- Re: [FW-1] Management Station not listening on tcp/257
  - From: Shawn Duffy <[email protected]>

Prev by Date: Re: [FW-1] Management Station not listening on tcp/257
Next by Date: [FW-1] Hiding NAT with Proxy ARP
Previous by thread: Re: [FW-1] Management Station not listening on tcp/257
Next by thread: [FW-1] NEVERMIND Re: [FW-1] icmp packet drops?
Index(es):
- Date
- Thread