Hello, It is actually an Express Licence. When I do a fw lichosts the hosts are only those in my own network so I'm not sure where the problem really is. After applying HFA-12 the error messages in the event manager aren't no longer written as 'incidents' but as 'information'. In my security ruleset I prevent my internal hosts from accessing directly the Internet, they must pass through the proxy server which is in the DMZ. I have rules like this : Any ->proxy->http/https/ftp/smtp - accept Proxy->any->http/https/ftp/smtp - accept Lan->any->any - deny
Well my network looks like this : http://img97.exs.cx:81/img97/4601/schemasimple3nl.png If you think I should make corrections, please do so. Thank you. Yannick -----Original Message----- From: Scott Tobias [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 02, 2005 8:21 PM To: [email protected] Subject: Re: [FW-1] RE : [FW-1] Checkpoint licence : Count unique internal hosts Does this firewall have an Express License ? Look at the output of the fw lichosts to try and pinpoint the problem. Do connections come directly to the DMZ and not through the external interface of the firewall ? On Wed, 2 Mar 2005 19:22:54 +0100, Chanoine <[EMAIL PROTECTED]> wrote: > Good evening, > > I'm having this problem once again, and even if at first I thought it > just filled my event manager, it causes me some troubles by the way. > I've been looking for a fix for this problem but I just can't find it. > Could one of you show me the way? > > By the way you asked me if I had an external interface set, and my > answer is yes. I have on NIC set as external, one for the DMZ and the > last one for the LAN. Is it a possible cause, and if so is there a > troubleshoot? > > Thanks alot! > > Yannick > > -----Original Message----- > From: Scott Tobias [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 25, 2005 10:37 PM > To: [email protected] > Subject: Re: [FW-1] Checkpoint licence : Count unique internal hosts > > There are a couple of ways to go about troubleshooting this problem > > fw tab -t host_table -s (ammount of hosts that are counted against the > license) fw lichosts (will give the IP addresses of the hosts it's > counting) > > Checkpoint the release notes for HFA_12 there is a problem with how > many hosts are counted. Just don't forget if you apply the hot fix do > the following 1.cpstop 2. delete $FWDIR/database/fwd.h 3. delete > $FWRIR/database/fwd.hosts 4. cpstart 5. fw tab -t host_table -x > > There was a fix in HFA_12 for counting broadcasts for express > licensing. Do you have an external interface set ? > > On Tue, 25 Jan 2005 16:04:15 -0000, Neil Kemp > <[EMAIL PROTECTED]> wrote: > > From what I remember, there is a file where checkpoint stores the > > connections traversing the firewall. > > > > I have had to, in the past, and on previous versions of Checkpoint, > > look at this file and clear it out in order to get things running > > again. > > > > Perhaps start there. > > > > Cheers > > > > -----Original Message----- > > From: Mailing list for discussion of Firewall-1 > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Chanoine > > Sent: 25 January 2005 15:57 > > To: [email protected] > > Subject: [FW-1] Checkpoint licence : Count unique internal hosts > > > > Hello, > > > > I'm having some licence problems with my checkpoint NG55 AI. > > > > I have a licence for 500 internal users. > > I have no more than ~400 unique nodes in my network. Those nodes are > > : > > - servers > > - workstations > > - printers > > > > I have a message in the event manager of the Win2k server running > > checkpoint saying that my licence only accepts 500 internal users > > and that I am over this limit. > > > > How can it be, and how can I troubleshoot this? > > > > Thanks! > > > > Yannick > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your subscription > > options, email [EMAIL PROTECTED] > > ================================================= > > > > > > #################################################################### > > ## > > ############### > > This e-mail message has been scanned for Viruses and Content and > cleared > > by 3DMail > > > ###################################################################### > ## > ############# > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your subscription > > options, email [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
