RE: [FW1] Firewall-1 License Violation

Thu, 05 Oct 2000 08:30:34 -0700 



I had the almost same problem!
Especially when I run FW Lichosts, I also saw internet IP host as my
internal host!
 Instead, I've got FloodGate-1 license violation!
Felix Xia
Network Administrator
North American Quotation
Tel.  519 6574300 ext. 233
Fax. 519 6573331
Company - www.naq.com
Personal -  www.wansolution.com <http://www.wansolution.com>



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
DiGeronimo,Sergio
Sent: Thursday, October 05, 2000 10:16 AM
To: [EMAIL PROTECTED]
Subject: [FW1] Firewall-1 License Violation



Hi there, I am looking for help on a strange problem we are having with our
FireWall-1 implementation.  First, we are running two FW-1 4.1 SP2 (Firewall
Only Modules) on two Sun E250's with Solaris 2.6.  Our E250's are also
running Stonebeat FullCluster 2.0 in a load balancing configuration.   We
are using FireWall-1's automatic destination address translation to allow
connectivity to an internal server from the Internet and correspondingly
configured the same NAT in our Stonebeat configuration.  Now for our
problem; from time to time we are receiving a 'License Violation' warning
from FireWall-1 (we have a 50 node license).  When we run 'fw lichosts' we
see entries listing Internet source IP's as internal hosts - we cannot
comprehend how this can be so?  We referred to our FW-1 manual and verified
that we have no cabling issues (no alternate paths from the outside world to
our internal network or vice-versa!) and checked our FW-1 logs to verify if
Internet sources are arriving on our external interface.  Also, we verified
that we have the correct device name specified in
$FWDIR\conf\external.if.  What further compounds the problem is that it
seems that only on occasion will Internet sources be seen as internal hosts
- why?  Could this have anything to do with our NATing?

I was wondering if anyone in the FireWall-1 community has experienced this
or something similar to it before - your help would be much appreciated!
Thank-you.


Regards,
Sergio Di Geronimo
Network Analyst
Siemens Business Services
[EMAIL PROTECTED]



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to