Re: [FW-1] Firewall-1 failure after applying Solaris patches.

Subject: Re: [FW-1] Firewall-1 failure after applying Solaris patches.
From: Simon Ashford <Simon.Ashford AT NPL.CO DOT UK>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Sun, 28 Aug 2005 00:17:15 +0100
In answer to my own question:

It seems the following Solaris patches break Firewall-1:

115553-19:

  Causes an error during the initial Firewall-1 boot configuration:
  immediately after the first set of "Autopushing over ..." messages
  it gives "ioctl: out of streams reesources" followed by several
  screens of verbose errors starting "ap: usage..."

  Backing out the patch does not fix the problem.

  Revision 15 of this patch was OK.

112963-23:

  Causes SEGV and core dump on several processes started by
  /etc/rc3.d/S99cpboot.

  Backing out to revision 18 fixes the problem.

This is on an E220R server, Solaris 9 64-bit, with R55 HFA-15.

These patches were downloaded automatically by the PatchPro utility.
I guess they will also be present in the latest Recommended/Security bundle.

Anyone from Sun or CheckPoint reading this and care to comment?


Simon Ashford.


-----Original Message-----
From: Simon Ashford [mailto:Simon.Ashford AT npl.co DOT uk]
Sent: 25 August 2005 15:58
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Firewall-1 failure after applying Solaris patches.


I recently applied the latest set of Solaris patches to our
firewall machine (using Solaris Management Console + PatchPro).
But it then failed on reboot - verbose "usage" diagnostics from
(I think) the "ap" command during interface configuration,
other FW1 commands failing with Segmentation Fault + core
dumps.

Tried backing out the likely suspects - kernel patch, TCP patch
and a couple of others.  But made no difference so eventually had
to restore the entire system from a backup.

Anyone else seen this?  Is there a particular patch to blame?

System details: E220R server, Solaris 9, NGAI R55 HFA-13 (but
have since installed HFA-15 - might improve things...?)

Thanks in advance.


Simon Ashford.

-------------------------------------------------------------------
This e-mail and any attachments may contain confidential and/or
privileged material; it is for the intended addressee(s) only.
If you are not a named addressee, you must not use, retain or
disclose such information.

NPL Management Ltd cannot guarantee that the e-mail or any
attachments are free from viruses.

NPL Management Ltd. Registered in England and Wales. No: 2937881
Registered Office: Serco House, 16 Bartley Wood Business Park,
                   Hook, Hampshire, United Kingdom  RG27 9UY
-------------------------------------------------------------------

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
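
As an added example (not part of the original post, and not Sun or Check Point tooling), the script below checks `showrev -p` output for the two patch revisions reported in this thread, so they can be spotted before a reboot. The status table holds only what the post states; the sample patch list, its package names and the 999999-01 entry are constructed.

```shell
#!/bin/sh
# Added example: flag the Solaris patch revisions named in this thread.
# Input: `showrev -p` output on stdin (lines begin "Patch: <id>-<rev> ...").

# Table built only from the thread, one entry per patch:
#   id : revision reported to break FW-1 : revision reported OK :
#   whether backing the patch out recovered the system
KNOWN='115553:19:15:no 112963:23:18:yes'

check_patches() {
    # Emits one line per patch named in the thread:
    #   BROKEN      revision reported to break Firewall-1
    #   OK          revision reported working
    #   UNVERIFIED  revision the thread says nothing about
    awk -v known="$KNOWN" '
        BEGIN {
            n = split(known, rows, " ")
            for (i = 1; i <= n; i++) {
                split(rows[i], f, ":")
                bad[f[1]] = f[2]; good[f[1]] = f[3]; backout[f[1]] = f[4]
            }
        }
        $1 == "Patch:" {
            split($2, p, "-")
            id = p[1]; rev = p[2] + 0
            if (!(id in bad)) next          # patch not discussed in the thread
            if (rev == bad[id] + 0)
                printf "%s BROKEN backout-recovers=%s\n", $2, backout[id]
            else if (rev == good[id] + 0)
                printf "%s OK\n", $2
            else
                printf "%s UNVERIFIED\n", $2
        }'
}

# Constructed sample of `showrev -p` output (not taken from the thread).
sample_showrev() {
    cat <<'EOF'
Patch: 112963-23 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWarc, SUNWcsu
Patch: 115553-15 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
EOF
}

# On a live Solaris host: showrev -p | check_patches
sample_showrev | check_patches
```

A `BROKEN` line with `backout-recovers=no` corresponds to the 115553-19 case in the post, where removing the patch did not restore the firewall and a full backup was needed.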
