> From: Steck, Steffen M. [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, October 09, 2002 1:12 AM > To: [EMAIL PROTECTED] > Subject: [FW-1] still no connectivity > > > Hi, > still have this problem and no solution: > I install a policy from management Solaris 2.6 to NOKIA IP330 > VRRPmc cluster > on IPSO 3.5 FCS10 and then loose all connectivity through the > firewalls as > soon as the gui says done (no allowed traffic is passed)! At > this moment I > see the following console error: > > Oct 8 18:01:24 somebox [LOG_CRIT] kernel: FW-1: Warning: > modify for a new > entry:
Steffen, I found this on Phoneboy: Warning: modify for a new entry Q: I recently moved from FW-1 ver 3.0b to 4.0. Rather than upgrading, I built a brand new machine for ver 4.0. The box has more than adequate resources for FW-1 and I have no complaints about the performance of my firewall, but I'm curious why there are a lot of errors that are written to the console or NT Event Log that look like this: FW-1: Warning: modify for a new entry: <cf5ab002,35,d1730105,0,11;0,4000,0> <0 : =0 14>. A: FireWall-1 is letting you know it is being asked to "modify" a table entry that does not exist. This is a harmless error and can be safely ignored. You can disable these messages as follows: IPSO (Nokia/VPN-1 Appliance) You need modzap from Nokia Knowledge Base Resolution 1261. Then you can execute the following command and reboot your Nokia Application Platform: modzap _fw_modify_verify $FWDIR/boot/modules/fwmod.o 0x0 Solaris Add the following to /etc/system and reboot: set fw:fw_modify_verify 0x0 Hope it helps. Hal > Oct 8 18:01:24 somebox [LOG_CRIT] kernel: <0 : =0 22> > Oct 8 18:01:26 somebox [LOG_CRIT] kernel: FW-1: Warning: > modify for a new > entry: > Oct 8 18:01:26 somebox [LOG_CRIT] kernel: > <3e9ae362,40e,98a39fe8,0,11;0,4000,0> <0 : =0 22> > > Then I wait up to 5 minutes and packets start to flow > through the FW-1s > like they should. > > I checked for reserved words, routes and illegal characters > but no help. > Anybody any idea please? > Running FW-1 4.1 SP6 ssl hotfixed anywhere. > Thx > Steffen > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
