Hi all,

I'm running FW1 4.0 sp4 (build 4066) on NT. I'm seeing the message "too many internal hosts" in my firewall log. I've already set up the external interface to be listed in the external.if file and have also reviewed the information on www.phoneboy.com. It would seem that we've finally surpassed our license limit (100).

I've looked in the Event Viewer on the firewall (NT box) and noticed that there are a huge number of errors from FW1 - each listing an IP address. I'm assuming that each IP was one that was unfortunate enough to be "outside" that limit.

However, there are at least 2 IP addresses that are repeated more than a handful of times that are NOT from within my internal network nor are they any part of the Class C we use in our DMZs. They have both been dropped by Rule 0 - I'm assuming anti-spoofing. One of them is sending HTTP and has a destination address that isn't part of this network.

1. Why are these addresses listed in the internal hosts file? Is this possibly a bug in the FW?
2. How does the firewall determine which IP addresses to place into the hosts file?

TIA.

Dave Black
Senior Software Engineer
extendedcare.com
(847) 790-8629
[EMAIL PROTECTED]
Home Page: http://www.daveblack.net
