Re: [FW1] too many hosts/ how is it calculated

[wmikos@fimat.com]

By virtue of design, Check Point FIG's have technically one external interface
(use this interface to generate your license key).  All other interfaces are
considered internal.  If you, for example, have 10 hosts that will be protected
(that go through the firewall) then you will be okay with a FIG-25.  But
remember, that sooner or later, all devices with IP addresses (servers,
printers, routers, etc.) will somehow, some way find themselves going across the
firewall (broadcasting messages, TCP/IP printing, etc.).

If you surpass your license, Check Point FW will issue warnings and flood your
NT log viewer with IP addresses that surpassed the license count.  This slows
down the performance of the firewall and very likely will disable all
application level services (logging tool, encryption, etc.  Actual inspection
will still take place but it will be heavily handicapped.

You can occasionally clear the hosts counter (stop fw service, erase
fw\database\fwd.h and fw\database\fwd.hosts and restart the fw service) and this
will solve the problem.  This just resets the counter.  But there is the whole
issue of license violation associated with this remedy.

Unlimited modules for Enterprise Centers do not have this problem but are a very
costly answer.

Good Luck!

Sincerely,
          Victor Mikos



/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
_/    Victor Mikos                              _/
_/    FIMAT Facilities Management    _/
_/    Systems and Operations               _/
_/    Chicago, Illinois                         _/
/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================