Christo,
All three of these are related. You have
not allowed access properly. You also
may have some key issues, though
unlikely. What does your log say? (Search
for drops/rejects based on rules.)

This is just an indication that a TCP
connection is waiting to close down (for a
nail-biting, edge-of-the-seat, riveting explanation,
see RFC 793 ;)
Port 256 is used for a few different functions.
- Installing a policy (see your error #3)
- CA & DHKey exchanges for FWZ and SKIP
between fw mgt.
- Older secure remote used this to fetch topology
and encryption.
Once you allow access, these will drop to a minimum
or go away (so to speak). Read on...
Check your rules and policy properties. You
need to allow the GUI station access to the fw mgr.
Verify all of your rules, policy properties, check for
any errors when starting the system(s), etc.
If you still cannot fix this, please reply and tell us
what your policy props are and your rule(s) layout (just
the ones involving the GUI station, fw mgr and
fw(s) themselves).
Best of Luck!
Robert
--
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> Christo Van Jaarsveld <[EMAIL PROTECTED]> 6/23/00 4:47:26 AM >>>
>Hi,
>
>I have a client who has the following problems with a firewall-module. The
>box is an Ultra-5, Solaris 2.6, FW-1 4.1.
>
>
>Problem 1: Status of numerous connections determined with: netstat -na
>1.1.1.1.256 2.2.2.2.38104 8760 0 8752 0 CLOSE_WAIT
>
>Problem 2: Logswitching cannot be done
>firewall:/# /export/home/logical/bin/logswitch.sh
>Trying to switch logfile to fw.23.06.00.log
>
>logswitch : cannot connect to fw deamon
>Log switch failed
>
>Problem 3: No policy can be applied from Management console - resource
>temporary unavailable
>policy-1.W: Security Policy Script generated into policy-1.pf
>policy-1:
>Compiled OK.
>
>Downloading Security Policy /opt/CPfw1-41/conf/policy-1.pf to firewall
>Failed to Download Security Policy on firewall: Resource temporarily
>unavailable
>Installing Security Policy on firewall failed
>
>We have reviewed numerous "possible" scenarios regarding the "resource
>unavailable" problem and cannot see WHY this would only appear on 1
>firewall and not the other. Please note that the firewall object itself
>WAS NOT ALTERED at all and ALL IPs etc. are still 100%. We only started
>up the "System Status Monitoring" utility this morning and realized that
>the "firewall" did not show a status.
>
>I have also decreased the "Excessive Log Grace Period" from 62 to 20 as
>per suggestion on possible countermeasures for this type of problem.
>There is also mention of certain patches on SUN that might have some
>form of impact on this issue - patch 3045, 3064 & 3072.
>
>Any suggestions on the cause and cure for these problems would be
>appreciated.
>
>Thank You,
>
>Christo
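
An added example, not part of the original thread: a small shell helper that summarises the port 256 sockets from Solaris-style `netstat -na` output, so the CLOSE_WAIT build-up from Problem 1 (peer has closed, local daemon has not) can be counted per remote host before and after fixing the rules. The function names and the sample lines are constructed for illustration; only the first CLOSE_WAIT line matches the one quoted in the thread.

```shell
#!/bin/sh
# Summarise TCP sockets on one local port from Solaris-style `netstat -na`
# text on stdin. Columns: Local Remote Swind Send-Q Rwind Recv-Q State,
# with addresses written as addr.port (as in the line quoted in the thread).
# Needs a POSIX awk (on Solaris that is nawk, not the old /usr/bin/awk).

# conn_summary PORT  ->  lines of "STATE REMOTE_HOST COUNT", sorted
conn_summary() {
    awk -v port="$1" '
        NF == 7 {
            n = split($1, l, "[.]")          # last piece is the local port
            if (l[n] != port) next
            m = split($2, r, "[.]")          # drop the remote port
            host = r[1]
            for (i = 2; i < m; i++) host = host "." r[i]
            seen[$7 " " host]++
        }
        END { for (k in seen) print k, seen[k] }
    ' | LC_ALL=C sort
}

# close_wait_count PORT  ->  number of CLOSE_WAIT sockets on that port
close_wait_count() {
    conn_summary "$1" | awk '$1 == "CLOSE_WAIT" { t += $3 } END { print t + 0 }'
}

# Constructed sample input (placeholder addresses, as in the original post).
sample_netstat() {
    cat <<'EOF'
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.256                *.*                0      0     0      0 LISTEN
1.1.1.1.256          2.2.2.2.38104         8760      0  8752      0 CLOSE_WAIT
1.1.1.1.256          2.2.2.2.38110         8760      0  8752      0 CLOSE_WAIT
1.1.1.1.256          2.2.2.2.38121         8760      0  8752      0 CLOSE_WAIT
1.1.1.1.256          3.3.3.3.40112         8760      0  8752      0 ESTABLISHED
1.1.1.1.22           3.3.3.3.40200         8760      0  8752      0 ESTABLISHED
EOF
}

sample_netstat | conn_summary 256
```

On a live module the input would come from `netstat -na | conn_summary 256`; a CLOSE_WAIT count that keeps growing for one remote host points at the peer whose connections the local daemon is not finishing.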