Hi Dave,

Well I did not resolve the issue, I just live with it...
My problem is that 'fw lichosts' shows too few hosts and that FW1 is right to complain (we are a bit over the license limit for the moment).

As for the anti-spoofing rule, I guess that administrative concerns (license) are not mixed with security concerns (anti spoofing) by CheckPoint. The license is taking into account *ANY* IP detected on the internal LANs even if it is rejected by some security measure...
Any light on this, someone ?

It seems that someone else is having trouble with his license (see subject [FW1] Too Many internal hosts error variation) in the mailing list... But it seems different...

I'll contact you if I learn something about that,

Karim

Dave Black wrote:

Hi Karim,

I'm having similar problems as you.  I was wondering if you were able to
resolve your issue?  Also, why is it that the IPs knocked out by
anti-spoofing would also be included in the host entries?

TIA.

Dave Black
Senior Software Engineer
extendedcare.com
(847) 790-8629
[EMAIL PROTECTED]
Home Page: http://www.daveblack.net

> -----Original Message-----
> From: Karim Amrani [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 06, 2000 11:25 AM
> To: fw mailing list
> Subject: [FW1] Incoherent protected hosts accounting
>
>
> Hi,
>
> We are running FW1 4.1 (build 41489) on a Sun Solaris 2.6 box.
>
> We have a LAN/DMZ/internet configuration. I activated anti-spoofing
> (internal is (and only is) 192.168.x.x ; DMZ is 192.168.y.y or our valid
> addresses).
>
> The FW is barking that it detects too many hosts (>25) and the console
> displays 48 hosts IP. Some of them are not allowed on the LAN by the
> Anti-spoofing rules (but I understand that they would be counted in
> despite the rules) and I'm surprised they are not on our LAN but...
>
> Now comes the weird part : when I type 'fw lichosts' it shows only 4
> entries !!! So : this command says 'no problem with your license' and
> the console says the opposite. 'fw lichosts' is wrong anyway since there
> are a lot more than 4 IP on the LAN.
>
> Note : I read the FAQ on Phoneboy that was about taking care of the
> 'too many hosts detected' error but nothing about the inconsistency
> between 'fw lichosts' and the list that appears in the console... And
> yes, $FWDIR/conf/external.if contains the right interface...
>
> Did anyone run into that problem ? Is there a trail I missed ?
>
> TIA,
> Karim AMRANI
>
