[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] How to clear the internal hosts count on NG
Title: Message Sammy
-
I have
not used NG, and I now have an unrestricted license, but I used to run into your
problem all the time when we had a license for 256 IPs. I used to clear
out the files like you did, but would still get the message about too
many internal hosts, whereas in fact I had well under the limit. I was
told at the time that FW-1 was counting the hosts it saw, but I was able to
disprove that. I unhooked the firewall from the internal network one
night, deleted the files, etc. (it seems to me there was an additional step or
two), then restarted the firewall. The message about too many internal
hosts re-appeared instantly, even though there were, at that point zero internal
hosts.
Then I
realized that FW-1 is probably calculating the number of potentially available
hosts from the information NT had about our internal networks, which it gets
from the IP info for the interfaces. For example, at the time we had a
class C network on one internal network (but not completely used), and a second
subnetted C network on a second internal interface, on which only about 3 IPs
were used. FW-1 saw this as potentially having more than 256 hosts, and
reported the error.
I then
removed one of the interfaces in NT, and the error message disappeared.
I did this test several times to try to prove to our Checkpoint support
folks how this worked.
The
good news, with us anyway, is that the error message did not seem to matter -
the FW-1 software went on working fine.
Thanks.
Please note my new address: [email protected]
|