| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] flush objects.c?
Hello again,
it is NG AI, Mgmt on Solaris 9, module IPSO 3.7 / IP 330.
Data in my objects.c is migrated from 4.1 SP6 hotfixed.
Both the Nokia and the Sun box are a fresh install.
I manually deleted the Nokia from the imported rulebase and recreated it.
I my ruebase I have a group with all my networks in it ("known_nets").
Another group is called "web-surfer".
A rule looks like this:
web_surfer --> negated known_nets --> http(s) --> allow
This rule works in 4.1 perfectly, on AI also except for hosts behind one
interface (I have 5, and all hosts can use http except those behind one IF -
these are getting time outs, sniffing the IF shows the pakets arriving but
they do not emerge in the Tracker).
When I put a rule above this rule saying
test_host --> negated known_nets --> http(s) --> allow
where test_host is in a net behind the mentioned interface everything is
okay.
I deleted and recreated the group web_surfer and the whole rule to no extend
(of course test_host is a member of this group). So I think somewhere in the
objects.c something is wrong...
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
