Hi again,
I've received a lot of reply from my first summary, so here's a second one.
First, my question was:
We have a client who is using Firewall-1 v 2.0 light and he receiving every
hour a syslog error message saying that fw-1 has to many internal hosts with
a list of all known internal node IP.
Since Fw-1 light can only protect 50 internal nodes, we were in trouble with
this message even if the software was doing the job properly.
After talking to SunService, we came up with a solution:
The file /etc/fw/conf/external.if must only contain the name of the network
interface that is acting as the external interface tio the Internet. Like in
our case, our Firewall has le0 and le1 as interface and le1 is the external
one. So we put le1 in the file.
Second, we deleted the file /etc/fw/database/fwd.c that is created by FW-1
and contains all internal IP known or detected by FW-1. We did restarted
the software and everything work ok.
A lot of reply talked about the licensing of Firewall-1 Light... I was brougth
to believe that the 50 internal nodes protected was dynamic. What I mean is
at any time, you could not have more than 50 active Ip node using the Firewall.
From a reply I received, the licensing is FW-1 Light can protect a network
of at most 50 internal nodes (whatever the nodes are doing!!!).
So it's king of weird, because our client has a lot of xterm and HP laserjet
printer that will never use the Net, so are we illegal ? I don't know
anymore but it's sure not logical...
Anyway, I hope I've answer all questions about this subject...
-- Simon-Bernard Drolet E-mail: Simon-Bernard.Drolet@Sisca.qc.ca Analyste systeme No.tel: (819) 564-4003 ext.284 Sisca Inc, Sherbrooke, Quebec No.fax: (819) 569-8597 #include <std/disclaimer.h> /* http://www.sisca.qc.ca */
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:05 CDT