Sammy -
I
have not used NG, and I now have an unrestricted license, but I used to run
into your problem all the time when we had a license for 256 IPs. I used
to clear out the files like you did, but would still get
the message about too many internal hosts, whereas in fact I had
well under the limit. I was told at the time that FW-1 was counting the
hosts it saw, but I was able to disprove that. I unhooked the firewall
from the internal network one night, deleted the files, etc. (it seems to me
there was an additional step or two), then restarted the firewall. The
message about too many internal hosts re-appeared instantly, even though there
were, at that point zero internal hosts.
Then
I realized that FW-1 is probably calculating the number of potentially
available hosts from the information NT had about our internal networks, which
it gets from the IP info for the interfaces. For example, at the time we
had a class C network on one internal network (but not completely used), and a
second subnetted C network on a second internal interface, on which only about
3 IPs were used. FW-1 saw this as potentially having more than 256
hosts, and reported the error.
I
then removed one of the interfaces in NT, and the error message
disappeared. I did this test several times to try to prove
to our Checkpoint support folks how this worked.
The
good news, with us anyway, is that the error message did not seem to matter -
the FW-1 software went on working fine.
Thanks.
Please note my new address:
[email protected]
Hi,
I try to
remove the fwd.h & fwd.hosts , make the correct setting for external
interface and restart the firewall . but the "too many internal hosts "
messages still appear .Does anyone know the correct step to clear the
count of internal hosts on NG FP1 ?
Sammy Liu