For your DNS problem:
SmartDashboard Policy Global Properties Firewall-1 section
I'll bet at least one of the two "Accept Domain Name ..." boxes are checked. Implied Rules are seen in View/Implied Rules and take effect prior to the rule base you created. Normally you want the DNS ones unchecked since you're controlling them with your own rules.
Ray
From: "Ware, Larry" <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [FW-1] log unification error, etc. Date: Thu, 21 Oct 2004 11:10:35 -0400
Anyone know what this means in SmartView Tracker? "log_unification_error: Log chain too long !!!"
And on a related note also in smartview tracker:
"dns_query: 65.214.32.161 dns_type: PTR message_info: Implied rule"
I get lots of DNS related entries that end with "Implied rule". I'll be darned if I can figure out why they get sent to the log. I have DNS rules installed that are set not to log this traffic.
So far the VAR that sold us the system hasn't been very helpful. -larry
# Larry Ware # Network Administrator # HTTP://www.e-one.com/ # [EMAIL PROTECTED]
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
