Duke you are right - it is the control connection timing out.
To change it, add 'fwd_conn_tout (x)' to the $FWDIR/lib/setup.C on the
firewall system and the management station.
x - the timeout in seconds, default is 25.
e.g.
:fwd_conn_tout (40)
--------------------------------------------------------------------------------------------
C. Paul Simons
Corporate Network Security Services
IHS Energy Group, Englewood, CO.
Main: +1 303 736 3000
Direct: +1 303 736 3451
Fax: +1 303 736 3860
Mobile: +1 303 748 5242
From: "Glover, Duke" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
Date: 23-02-01 09:41
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
cc:
Subject: RE: [FW1] operation would block
Hi Jesus,
If I recall correctly, "operation would block" is the result of a timeout
being reached when trying to install your security policy. This timeout can
be increased. I believe the default is 25 seconds. I forget where I once
read this. Can anyone verify or come up with a document that shows what
file to modify to increase this timeout?
HTH,
Duke
-----Original Message-----
From: Robert MacDonald [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 10:59 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [FW1] operation would block
Jesus,
You have two rules that are similar and the second one
will never be chosen, hence 'Operation would block'
Dumb example:
Rule 1: any any any accept
Rule 2: ws1 svr1 http drop
Rule 1 will always win and rule 2 will never work (and
the implied cleanup rule won't work either in most cases.)
Robert
- -
Robert P. MacDonald
Global Infrastructure Group, Haworth, Inc.
Voice: +1.616.393.1247
email: [EMAIL PROTECTED]
>>> "Jesus Calvo Hernandez" <[EMAIL PROTECTED]> 02/23/01 09:47AM >>>
>hi all fw1 sufferers:
>
>has anyone found this error when compiling the policy?
>
>Failed to Install Security Policy on fw1: Operation would block
>
>and better, does anyone know how to solve it?
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================