Date: Fri, 7 Nov 2003 10:08:44 +0100 From: Odd Nielsen <[EMAIL PROTECTED]> Subject: Problem with host_table / licence
Hi! Running a IP330 with Fw1 4.1 and 5 interfaces. The licence is set on the outside IP (connected to internet). My problem is that its only a 25-node licence, this should be plenty, but my host_+table fills up with host connected to internet. Running "fw tab -t host_table -s" shows like 10 000 hosts. If I delete all the hosts (fw tab -t host_table -x), it will in short time be filled up with hosts from internet. Anyone knows why it counts hosts from the internet interface even then I have bound the licence one this interface? Regards Odd We had the same problem and according to information we received we had to define the external interface as specified below. For Windows 2000 running FireWall-1 1. Run at the CLI: ipconfig /all. Find the external interface and copy the MAC address associated with the interface. 2. Run at the CLI: netstat -r. The name of the adapter will be on the same line as the MAC address. Find the line which matches the MAC address obtained in step 1. 3. The string will look like this: 0x3..00 90 27 3a 67 90...E100B1 Intel. 4. The adapter's name is E100B1 and would be the entry in the external.if file. For Solaris running FireWall-1 1. Stop the firewall at the Command Line Interface (CLI) with: $FWDIR/bin/fwstop. 2. Run from the CLI: ifconfig -a. Find the external interface. 3. Copy and paste the name of the external interface into the external.if file--replacing the existing entry. 4. Start the firewall at the CLI with: $FWDIR/bin/fwstart. For FireWall-1 NG: 1. Copy the name of the interface, per the above steps, based on the operating system. 2. Stop the firewall at the CLI with: cpstop. 3. Create, with a text editor, the file: $FWDIR/conf/external.if. 4. Paste the name of the external interface in the file. 5. Start the firewall at the CLI with: cpstart. REMOVE THE ERRORS: For FireWall-1 NG: 1. Go to the CLI and stop the firewall with: cpstop. 2. Remove the files: $FWDIR/database/fwd.h and $FWDIR/database/fwd.hosts. 3. Run the command from the CLI: fw tab -t host_table -x. 4. Go to the CLI and start the firewall with: cpstart. Regards, Peter ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
