Hi Dan/All,
Thanks for the tips. fwstop;fwstart would help, but
it's an unacceptable solution to stop all traffic (I
have users telnetting, etc.). I already have 1,500+
users upset :)
I'm trying to open a ticket with CP, but since I don't
have support -- they won't help me. Even their
customer advocacy won't help me without a support
contract (ouch!).
I'm also trying to reach some CP techs I met at the CP
User's Conference this year. They told me to call them
about this problem, and they would help -- they won't
return my calls.
Unsettling trend. I'll continue to try, though.
Here's some history:

When I had support, I made my 1st call 2/4/99, ticket #6756,
on this issue.
Websense/CP blamed my FW version, then my SP level --
finally CP said it was an issue known to FW1 upgrading
(3.0b to 4.0) and that a rebuild from scratch would
fix this problem. I have done all the above -- same
problem remains.
As you pointed out -- CP libraries are to blame.
If CP is not interested in fixing the problem (it has
been 2 years), and it's out of Websense's control, I
am running out of options.
I have no choice but to find an alternative filter
solution if things remain the way they are -- and it
would appear they will. My inability to apply new
policies during working hours because of this issue is
unacceptable.
Thanks -- Chris
--- "Hubbard, Dan" <[EMAIL PROTECTED]> wrote:
> We have seen an fwstop and fwstart fixing the issue.
> It appears that the UFP
> server reconnects on a start. If you can reboot you
> should be able to
> stop/start remotely...Unless you are somehow hard
> rebooting the system
> (which is very ugly at best).
>
> Anyways, I would open a trouble ticket with
> Checkpoint and let them know the
> issue.
>
> Make sure that you tell them you are using FW1 4.1
> SP3 as it runs the "new
> UFP code".
>
> Let me know how it goes...
>
> -----Original Message-----
> From: Chris F [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 14, 2001 11:06 AM
> To: Hubbard, Dan; Firewall One List
> Subject: RE: [FW1] HTTP Security Server Woes
>
>
> Hi Dan,
>
> No -- I am not doing any caching.
>
> The firewall is in another building, so I can't
> fwstop/fwstart remotely (After the fwstop, I'd lose
> my connection <grin>)
>
> My guess is that fwstop/fwstart would work -- since the
> kill -1 <pid_of_httpd>
> basically resets the daemon in the same way.
>
> A reboot certainly gets things working again.
>
> If I did try fwstop/fwstart -- what would the outcome
> indicate?
>
> Thanks -- Chris
>
>
> --- "Hubbard, Dan" <[EMAIL PROTECTED]> wrote:
> > Chris;
> >
> > Are you using UFP-Caching at all? If so which type?
> > Also, what happens if
> > you fwstop and fwstart instead of re-booting?
> >
> > We have seen this before when a policy is
> > re-installed and there is a heavy
> > load on the Firewall the UFP server will not
> > re-establish TCP sessions with
> > the UFP server. However, a fwstop / fwstart should
> > re-establish the
> > communications.
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: Chris F [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, February 13, 2001 6:28 PM
> > To: Firewall One List
> > Subject: [FW1] HTTP Security Server Woes
> >
> >
> >
> > Hi FW1 List,
> >
> > I have Solaris 2.6; FW1 v4.1 SP3
> >
> > I use Websense, therefore, FW1's HTTP Security
> > Server.
> >
> > Whenever I re-install a policy, WWW browsers cannot
> > browse. They get that blank page/error from the
> > firewall that says:
> > FW-1 at firewall: Access Denied
> >
> > The ahttpd.elg log file logs the following error:
> > No default track in properties
> >
> > The only solution is to reboot. Sometimes, I can:
> > kill -1 <pid-of-http-security-server>
> > and everything will start working again.
> >
> > This is *not* a Websense issue, but something with
> > FW1.
> >
> > A few weeks ago, I did the last thing I could think
> > of: completely rebuilt my firewall (OS and FW1 fresh
> > installs -- then fwmerged my objects.C file)
> >
> > Anyone have any suggestions for a fix? Help!
> >
> > Thanks -- Chris
> > [EMAIL PROTECTED]
> >
> > PS - I didn't try the "dangle headless chicken over
> > firewall" trick. Would that help?
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================