If you've followed the phoneboy instructions and "cleared the
counter" via removal of the fwd.h and fwd.hosts files, then restarted
the fwd, you can issue a fw lichosts to determine which hosts the
fw is counting against the license. -BK
On 14 Jun 2000, at 16:35, Dave Black wrote:
> Hi all,
>
> I'm running FW1 4.0 sp4 (build 4066) on NT. I'm seeing the message "too
> many internal hosts" in my firewall log. I've already setup the external
> interface to be listed in the external.if file and have also reviewed the
> information on www.phoneboy.com <http://www.phoneboy.com> . It would seem
> that we've finally surpassed our license limit (100).
>
> I've looked in the Event Viewer on the firewall (NT box) and noticed that
> there are a huge neumber of errors from FW1 - each listing an IP address.
> I'm assuming that each IP was one that was unfortunate enough to be
> "outside" that limit.
>
> However, there are at least 2 IP addresses that are repeated more than a
> handful of times that are NOT from within my internal network nor are they
> any part of the Class C we use in our DMZs. They have both been dropped by
> Rule 0 - I'm assuming anti-spoofing. One of them is sending HTTP and has a
> destination address that isn't part of this network.
>
> 1. Why are these addresses listed in the internal hosts file? Is this
> possibly a bug in the FW?
>
> 2. How does the firewall determine which IP addresses to place into the
> hosts file?
>
> TIA.
>
> Dave Black
> Senior Software Engineer
> extendedcare.com
> (847) 790-8629
> <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
> Home Page: <http://www.daveblack.net/> http://www.daveblack.net
>
>
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================