Thank
you very much for your response but i think that this is not my case. The URL
type(d) is always correct, the FW doesn't have M$ DNS server installed or other
DNS Server program or caching, the FW is configured to use DNS Name Resolution
(and it works like a charm), the web site(s) we are trying to visit do not time
out. Further more there is no BIND timeout in Policy -> Properties, Resolving
Tab (to be exact there is no such thing as Resolving TAB inside Policy,
Properties). Is there any other way around this problem? The FW is FW-1 4.1
CP2000 SP3 on M$ NT 4.0 SRV SP6a. Thank you. Thare is also a number of HTTP, FTP
Resources (These are used for Nimda in-out, forbiden downloads, ftp access for
specific PC's to specific IP Addresses).
-----Original Message-----
From: Cantwell, Steve [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 8:32 PM
To: '[EMAIL PROTECTED]'
Subject:
I am using the HTTP Security Server to filter and track web content. When I try to access a particular web site, I get a web page with the following error message:
fw-1 at (firewallname): unknown www server
What does this error message mean and how can I fix it?
A:
This could mean a couple of different things:
- The URL typed was not correct.
- The firewall is not configured to use DNS for name resolution. When using the HTTP Security Server, using DNS for name resolution is required.
- When FireWall-1 attempted to look up the site in question, it timed out.
There are a couple of ways to address this problem:
- Turn off any Name Service Caching software. nscd is a known problem on Solaris 2.5.1 installations. If this process is running, kill it, remove /etc/rc2.d/S76nscd (where it is usually started from) and reboot.
- Increase the BIND timeout in Policy->Properties, Resolving tab. Re-install the security policy
