[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Weirdness with SP3
We've been using FireWall-1 for several years now. Lately, each new service pack is met with apprehension. Did they fix the problems we've been running into? What did they break this time? Alas, FW-1 4.1 SP3 has been no different... On one machine, the sacrificial goat, I get the following sequence of messages, newest to oldest, in the event log during boot up (WinNT 4.0 Server w/SP6a): Error: FW1SVC: Fetching Security Policy from localhost failed Error: FireWall-1: Using external interface 'E100B1' Info: FW1SVC: Setting fwforwarding suceeded Error: FireWall-1: fw_ctl_forwarding: setting to 2 Error: FW1SVC: Fetching Security Policy from localhost failed Info: FireWall-1: Remote FireWall MGICAZ is connected Error: FireWall-1: Using external interface 'E100B1' Error: FireWall-1: fw: no license for 'routers' Info: FireWall-1: FireWall-1 server is running Info: FireWall-1: FireWall-1 Management Server is running Info: VPN-1 Accelerator Card is not available At first, I would simply go in and re-install the policy and things would work just fine. After some diddling around with this infernal software this weekend, turns out that if you leave the machine alone for about 10-15 minutes, the security policy somehow ends up getting loaded and everything works just fine. Yet the last message in the event log is "Fetching Security Policy from localhost failed". Go figure. Since this service pack did fix one thing, hundreds of event log entries about an error copying some 55-odd bytes, this service pack was install on a machine at another location with a very identical setup as far as hardware, software, rules and so on. Guess what? The last message in the event log says that fetching the security policy worked. Go figure. A minor beef is that for information messages, or alerts, FW-1 writes it into the event log as an error. 'scuse me, "Using external interface 'E100B1' " and "fw_ctl_forwarding: setting to 2" are errors? Right. So tell me, who writes this stuff and just who QA's it? Kids at home at the kitchen table in their underwear? For the price we pay for this software, we should not be seeing this kind of silliness. BTW, CheckPoint, "suceeded" is spelled "succeeded". Thanks for listening. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|