Jim,
I'll take a stab at it.
Yes, it might be a licensing issue. If you clear the
$FWDIR/database/fwd.hosts and it worked, my
guess is that you had exceeded your licensing of
50 or 80 users. Look in /var/adm/messages for
any indications of this.
I do not know how CP handles the expiring of
multiple licenses when one is an eval and one
is permanent/timed. How old is the 30 day license?
If there aren't any clear indicators of license violations,
write back to the list and include your network layout,
which interface(s) is/are licensed and any other
messages found above, which may help explain
what's going on.
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> Jim Robinson <[EMAIL PROTECTED]> 9/29/00 12:51:33 AM >>>
>
>I have a problem and was wondering if someone could help me out. I have a CP
>4.1 NT box with a perm 50 user lic and a temp (30 day) unlimited lic.
>Everything was working fine until last week or so when several users could
>not access http from the internet. Upon inspection I found that the session
>auth agent was failing to validate fw-1 user id's that had a specified
>"from" and "to" network. A temporary solution seemed to be deleting the
>fwd.hosts file. Everything worked for about a day and then it blew up again.
>Fw-1 users that did not have a "from" or "to" net defined (ie any, any) were
>unaffected and are allowed to all URLs.
>
>My rule looks like this.
># SRC DST SERVICE Action
>19 all users@any any http https pop-3 ftp session auth
>
>Session auth properties are:
>Src. intersect with user DB
>Dest. intersect with user DB
>Contact agent at . SRC
>No policy server
>
>
>The alerts I'm getting when a user fails to connect with the session agent
>is:
>Rule 19 Connection to session agent failed, and
>User is not in the right group
>
>For example I have 2 users:
>admin src: any dst: any
>user1 src: valid_nets dst: .americanexpress.com .epx.com
>
>Could this be a licensing issue?
>Why is the admin user unaffected by this?