[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Firewall-1 License Violation
I had the almost same problem! Especially when I run FW Lichosts, I also saw internet IP host as my internal host! Instead, I've got FloodGate-1 license violation! Felix Xia Network Administrator North American Quotation Telext. 233 FaxCompany - www.naq.com Personal - www.wansolution.com <http://www.wansolution.com> -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of DiGeronimo,Sergio Sent: Thursday, October 05, 2000 10:16 AM To: [email protected] Subject: [FW1] Firewall-1 License Violation Hi there, I am looking for help on a strange problem we are having with our FireWall-1 implementation. First, we are running two FW-1 4.1 SP2 (Firewall Only Modules) on two Sun E250's with Solaris 2.6. Our E250's are also running Stonebeat FullCluster 2.0 in a load balancing configuration. We are using FireWall-1's automatic destination address translation to allow connectivity to an internal server from the Internet and correspondingly configured the same NAT in our Stonebeat configuration. Now for our problem; from time to time we are receiving a 'License Violation' warning from FireWall-1 (we have a 50 node license). When we run 'fw lichosts' we see entries listing Internet source IP's as internal hosts - we cannot comprehend how this can be so? We referred to our FW-1 manual and verified that we have no cabling issues (no alternate paths from the outside world to our internal network or vice-versa!) and checked our FW-1 logs to verify if Internet sources are arriving on our external interface. Also, we verified that we have the correct device name specified in $FWDIR\conf\external.if. What further compounds the problem is that it seems that only on occasion will Internet sources be seen as internal hosts - why? Could this have anything to do with our NATing? I was wondering if anyone in the FireWall-1 community has experienced this or something similar to it before - your help would be much appreciated! Thank-you. Regards, Sergio Di Geronimo Network Analyst Siemens Business Services [email protected] ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|