Firewall-1

Re: [FW-1] Network Object Errors after policy install

Subject: Re: [FW-1] Network Object Errors after policy install
From: Amit Schnitzer <amits AT SPIDERSERVICES DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 26 Nov 2003 09:33:19 +0200

Chris hi,

To determine your firewall version, simply type "fw ver" on the CLI.

Regarding the error message: it means that you have more than one
service defined with the same port number (and that's not necessarily
bad, it's just that both of them have the "match for any" checked in the
advanced properties and that means that anywhere you have "any" in your
rulebase in the services column, the firewall will not know which of
them to use).

In order to discover the "unknown" services that are conflicting I would
suggest you do the following within your Firewall GUI:
Go to "view" and select "OBJECTS LIST". Make sure SERVICES is selected
in the OBJECTS TREE. Then sort by port. This will list the services with
the same port number together.

FYI, port ranges can also cause the same problem so check if you have
port ranges that include the abovementioned services as well.

Amit Schnitzer
Senior Security Specialist
Spider Solutions LTD.

-----Original Message-----
From: Chris Cameron [mailto:chris AT UPNIX DOT COM]
Sent: Tuesday, November 25, 2003 4:42 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Network Object Errors after policy install

I've inherited a Firewall-1 NG firewall (If someone can tell me how to
determine the exact version, that'd help) that's running on Sparc
Solaris 8.

My problem is that I get an odd warning message whenever I do a policy
install. The exact warning is:

Warning: Services port conflict. port 6001 (tcp) serves both
<weblogic> and <Unknown>.
 Uncheck 'Match for Any' checkbox in the 'Advanced' dialogue for one
of them.

 Warning: Services port conflict. port 6002 (tcp) serves both
<weblogicssl> and <Unknown>.
 Uncheck 'Match for Any' checkbox in the 'Advanced' dialogue for one
of them.



"<Unknown>" doesn't exist anywhere. I've considered just unchecking
"Match for Any", but it seems to me that this <Unknown> object is the
real problem.


Has anyone run into this before? Any ideas on how I can stop these
warnings?


Thanks,
Chris

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
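
The check described in the reply above (group services by port, then look for port ranges that cover the same ports), as an added example that is not part of the original thread and not Check Point tooling. It assumes a hypothetical CSV export of the service objects; the column names and the services "legacy-app" and "high-ports" are constructed for illustration.

```python
import csv, io
from itertools import combinations

# Constructed sample: hypothetical CSV export of service objects.
# Column names and the legacy-app/high-ports rows are assumptions.
SAMPLE = """name,proto,port,match_for_any
weblogic,tcp,6001,yes
weblogicssl,tcp,6002,yes
legacy-app,tcp,6001,yes
high-ports,tcp,6000-6010,yes
X11,tcp,6000-6063,no
syslog,udp,514,yes
"""

def parse_port(spec):
    """Return (low, high) for a single port '6001' or a range '6000-6010'."""
    low, _, high = spec.partition("-")
    low = int(low)
    high = int(high) if high else low
    if not (0 < low <= high <= 65535):
        raise ValueError(f"bad port spec: {spec!r}")
    return low, high

def load_services(text):
    services = []
    for row in csv.DictReader(io.StringIO(text)):
        low, high = parse_port(row["port"].strip())
        services.append({"name": row["name"].strip(),
                         "proto": row["proto"].strip().lower(),
                         "low": low, "high": high,
                         "any": row["match_for_any"].strip().lower() == "yes"})
    return services

def find_conflicts(services):
    """Pairs of 'Match for Any' services, same protocol, overlapping ports."""
    flagged = sorted((s for s in services if s["any"]),
                     key=lambda s: (s["proto"], s["low"], s["name"]))
    conflicts = []
    for a, b in combinations(flagged, 2):
        low, high = max(a["low"], b["low"]), min(a["high"], b["high"])
        if a["proto"] == b["proto"] and low <= high:
            conflicts.append((a["proto"], low, high, a["name"], b["name"]))
    return conflicts

if __name__ == "__main__":
    for proto, low, high, a, b in find_conflicts(load_services(SAMPLE)):
        ports = str(low) if low == high else f"{low}-{high}"
        print(f"port {ports} ({proto}): {a} and {b} both have 'Match for Any'")
```

Services without "Match for Any" (X11 in the sample) are ignored, since only flagged services are candidates when a rule uses "any" in the services column.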

