Hello,
I am trying to install FW1 4.1 SP2 on an NT machine (just an unlimited
firewall module; the management console is on another machine). But my DMZ
is composed of multiple subnets (exactly 9 subnets).
I already have a FW1 3.0b with this configuration and everything is fine
(my DMZ eth card has all 9 addresses).
When I give 2 IPs to the DMZ ethernet interface (for instance
192.168.1.65/27 and 192.168.2.65/27), everything is OK: the FW can fetch
and install the policy from the management console.
But when I give more addresses to the DMZ interface (for instance
192.168.1.65/27, 192.168.2.65/27 and 192.168.3.65/27), everything becomes
more confused!
The "fw fetch <ip of the MC>" command displays:
failed to fetch policy: no valid FM license
If I remove one of the IPs, everything works....
Stranger still:
if I give 192.168.1.65/27, 192.168.1.97/27, 192.168.2.65/27 and
192.168.2.95/27, everything works fine!
It seems that the FW doesn't limit the number of subnets, but the number of
IP class C networks that the subnets are from. My 9 subnets come from 4
class C networks, but I can use subnets from just 2 class C networks.
For instance:
192.168.1.65/27, 192.168.1.97/27 and 192.168.3.65/27
192.168.2.65/27, 192.168.2.97/27, 192.168.4.65/27 and 192.168.4.97/27
but not
192.168.1.65/27, 192.168.2.65/27 and 192.168.3.65/27
The FW license is based on the external IP of the firewall. The external
eth interface only has one IP address.
Does anybody have an idea?
Thank you,
Sylvain Mouly