Hi
Thanks a lot
this seems to be the answer; I´ve done what you both have told and it goes
smooth again (until next weird failure :) )
Thanks to all of you for your help
Best regards
Jesus Calvo
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Glover, Duke" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, February 23, 2001 8:56 PM
Subject: RE: [FW1] operation would block
>
> Duke you are right - it is the control connection timing out.
> To change it add 'fwd_conn_tout (x)' to the $FWDIR/lib/setup.C on the
> firewall system and the managment station.
> x - the timout in seconds, default is 25.
>
> e.g.
> :fwd_conn_tout (40)
>
> --------------------------------------------------------------------------
------------------
>
> C. Paul Simons
> Corporate Network Security Services
> IHS Energy Group, Englewood, CO.
>
> Main: +1 303 736 3000
> Direct: +1 303 736 3451
> Fax: +1 303 736 3860
> Mobile: +1 303 748 5242
>
>
>
> "Glover, Duke"
> <[EMAIL PROTECTED]> To:
[EMAIL PROTECTED], [EMAIL PROTECTED]
> Sent by: cc:
> [EMAIL PROTECTED] Subject:
RE: [FW1] operation would block
> kpoint.com
>
>
> 23-02-01 09:41
>
>
>
>
>
>
> Hi Jesus,
>
> If I recall correctly, "operation would block" is the result of a timeout
> being reached when trying to install your security policy. This timeout
> can
> be increased. I believe the default is 25 seconds. I forget where I once
> read this. Can anyone verify or come up with a document that shows what
> file to modify to increase this timeout ?
>
> HTH,
>
> Duke
>
> -----Original Message-----
> From: Robert MacDonald [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 23, 2001 10:59 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [FW1] operation would block
>
>
>
> Jesus,
>
> You have two rules that are similar and the second one
> will never be chosen, hence 'Operation would block'
>
> Dumb example:
>
> Rule 1: any any any accept
> Rule 2: ws1 svr1 http drop
>
> Rule 1 will always win and rule 2 will never work (and
> the implied cleanup rule won't work either in most cases.)
>
> Robert
>
> - -
> Robert P. MacDonald
> Global Infrastructure Group, Haworth, Inc.
> Voice: +1.616.393.1247
> email: [EMAIL PROTECTED]
>
> >>> "Jesus Calvo Hernandez" <[EMAIL PROTECTED]> 02/23/01 09:47AM >>>
> >hi all fw1 sufferers:
> >
> >does anyone has found this error when compiling the policy?
> >
> >Failed to Install Security Policy on fw1: Operation would block
> >
> >and better, does anyone how to solve it?
>
>
>
>
>
============================================================================
>
> ====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
>
> ====
>
>
>
============================================================================
====
>
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
>
>
>
>
------------------------------------------------------------------
This email is confidential and intended solely for the use of the individual to whom
it is addressed. Any views or opinions presented are solely those of the author and do
not necessarily represent those of Sema Group.
If you are not the intended recipient, be advised that you have received this email in
error and that any use, dissemination, forwarding, printing, or copying of this email
is strictly prohibited.
------------------------------------------------------------------
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
