Re: [FW-1] Network Object Errors after policy install

Subject:	Re: [FW-1] Network Object Errors after policy install
From:	Haris Klitiropoulos <hkli AT SPACE DOT GR>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Wed, 26 Nov 2003 09:33:40 +0200

Hello,

probably your machine was upgraded from version 4.1. What you have here
is two or more service objects that define the same service (combination
of protocol and port). What you need to do is edit the properties of the
services mentioned and leave the "Match for Any" setting checcked to
only one of the services. There could be a problem with generic access
rules, where you define "Any" in the service column. In this case FW-1
needs to know which of the two services will be displayed in log
entries, which will be included int the INSPECT code etc.

Haris Klitiropoulos
Data Communication Engineer
Space Hellas S.A.



Chris Cameron wrote:

I've inherited a Firewall-1 NG firewall (If someone can tell me how to
determine the exact version, that'd help) that's running on Sparc
Solaris 8.

My problem is that I get an odd warning message whenever I do a policy
install. The exact warning is:

Warning: Services port conflict. port 6001 (tcp) serves both
<weblogic> and <Unknown>.
Uncheck 'Match for Any' checkbox in the 'Advanced' dialogue for one
of them.

Warning: Services port conflict. port 6002 (tcp) serves both
<weblogicssl> and <Unknown>.
Uncheck 'Match for Any' checkbox in the 'Advanced' dialogue for one
of them.



"<Unknown>" doesn't exist anywhere, I've considered just unchecking
"Match for Any", but it seems to me that this <Unknown> object is the
real problem.


Has anyone run into this before? Any ideas on how I can stop these
warnings?


Thanks,
Chris

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] Network Object Errors after policy install, Chris Cameron Re: [FW-1] Network Object Errors after policy install, Eric Goulden Re: [FW-1] Network Object Errors after policy install, Jean-Francois Gobin Re: [FW-1] Network Object Errors after policy install, Haris Klitiropoulos <= Re: [FW-1] Network Object Errors after policy install, Amit Schnitzer

Previous by Date:	[FW-1] Safe@connector problem, Kingsley Chu
Next by Date:	[FW-1] Error installing policy - no valid FM license, Neil Kemp
Previous by Thread:	Re: [FW-1] Network Object Errors after policy install, Jean-Francois Gobin
Next by Thread:	Re: [FW-1] Network Object Errors after policy install, Amit Schnitzer
Indexes:	[Date] [Thread] [Top] [All Lists]