Hi,
I have a client who has the following problems with a firewall-module. The box is a Ultra-5, Solaris2.6, FW-1 4.1.
Problem 1:Status of numerous connections determined with: netstat -na
1.1.1.1.256 2.2.2.2.38104 8760 0 8752 0 CLOSE_WAIT
Problem 2: Logswitching cannot be done
firewall:/# /export/home/logical/bin/logswitch.sh
Trying to switch logfile to fw.23.06.00.log
logswitch : cannot connect to fw deamon
Log switch failed
Problem 3: No policy can be applied from Management console - resource temporary unavailable
policy-1.W: Security Policy Script generated into policy-1.pf
policy-1:
Compiled OK.
Downloading Security Policy /opt/CPfw1-41/conf/policy-1.pf to firewall
Failed to Download Security Policy on firewall: Resource temporarily
unavailable
Installing Security Policy on firewall failed
We have review numerous "possible" scenario's regarding the "resource
unavailable" problem and cannot see WHY this would only appear on 1
firewall and not the other. Please note that the firewall object itself
WAS NOT ALTERED at all and ALL IP's etc is still 100%. We only started
up the "System Status Monitoring" utility this morning and realized that
the "firewall" did not show a status.
I have also decreased the "Excessive Log Grace Period" from 62 to 20 as
per suggestion on possible countermeasures for this type of problem.
There is also mention of certain patches on SUN that might have some
form of impact on this issue - patch 3045, 3064 & 3072.
Any suggestions on the cause and cure for these problems would be appreciated.
Thank You,
Christo
