Sunday, March 7, 2010

Iptables

"Server Not Responding" errors in CKPfw Security Policy
Check Point's Security Policy editor (fwpolicy) loads every object (objects.C) and every rulebase (rulebases.fws) when it starts. Once these files grow large, loading can take longer than the default 25-second server timeout, and the editor reports "Server Not Responding" or "Incorrect reply from server (seq or subject mismatch)".

You may either:

1. Reduce the number of rulebases loaded (recommended). Move the existing rulebases.fws aside as a dated backup, then build a new rulebases.fws that contains only the rulebase(s) you actually need:

mv $FW_DIR/conf/rulebases.fws $FW_DIR/conf/rulebases.fws.`date +%m.%d.%y`
$FW_DIR/bin/fwm -g $FW_DIR/conf/rulebase.W

Note: you probably want to add more than one rulebase to make it easy to revert to previous rulebases.

2. Increase the default 25 second timeout by setting SERVER_TIMEOUT in the environment of the policy editor, e.g.:
SERVER_TIMEOUT=45 $FW_DIR/bin/fwpolicy &

This only gives the editor more time to wait; the files are still loaded in full, so as objects.C and rulebases.fws keep growing the error will come back. Trimming rulebases.fws (option 1) removes the cause.
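The following helper script is an added example, not part of the original post, that wraps option 1 so it can be repeated and reverted safely. It assumes the post's convention that $FW_DIR points at the FireWall-1 install directory and that each rulebase to keep exists as $FW_DIR/conf/<name>.W; the timestamp format, the function names and the refusal to overwrite an existing backup are choices made here. The only Check Point command it invokes is the post's own fwm -g.

```shell
#!/bin/sh
# Added example: back up rulebases.fws, rebuild it from chosen .W files,
# and revert to a backup. Assumes FW_DIR is set (as in the original post).

# backup_rulebases: move the live rulebases.fws aside to a timestamped copy.
# Uses a sortable stamp (YYYYMMDD-HHMMSS) instead of %m.%d.%y so the newest
# backup can be found by sorting, and refuses to overwrite an existing
# backup so a re-run cannot destroy the only good copy. Prints the path.
backup_rulebases() {
    conf="$FW_DIR/conf"
    live="$conf/rulebases.fws"
    backup="$live.$(date +%Y%m%d-%H%M%S)"
    [ -f "$live" ] || { echo "no $live to back up" >&2; return 1; }
    [ -e "$backup" ] && { echo "backup $backup already exists" >&2; return 1; }
    mv "$live" "$backup" || return 1
    echo "$backup"
}

# load_rulebases: rebuild rulebases.fws from one or more rulebases using the
# same fwm -g call as the post. Arguments are rulebase names without the .W
# suffix (hypothetical names; whatever is in $FW_DIR/conf on your system).
load_rulebases() {
    for rb in "$@"; do
        "$FW_DIR/bin/fwm" -g "$FW_DIR/conf/$rb.W" || return 1
    done
}

# latest_backup: print the newest timestamped backup (empty if none).
latest_backup() {
    ls "$FW_DIR/conf"/rulebases.fws.[0-9]* 2>/dev/null | sort | tail -n 1
}

# restore_rulebases: put a backup back as the live file. The trimmed file
# is kept under a name the backup glob does not match, so nothing is lost.
restore_rulebases() {
    backup="${1:-$(latest_backup)}"
    live="$FW_DIR/conf/rulebases.fws"
    [ -f "$backup" ] || { echo "no backup to restore: '$backup'" >&2; return 1; }
    [ -f "$live" ] && mv "$live" "$FW_DIR/conf/rulebases.fws-trimmed.$(date +%Y%m%d-%H%M%S)"
    cp "$backup" "$live"
}

# Typical use (names are placeholders for your own rulebases):
#   backup_rulebases && load_rulebases Standard DMZ
# If the trimmed policy turns out to be missing a rulebase:
#   restore_rulebases            # reverts to the newest backup
```

Because backups keep their timestamps, several trimmed-down versions can coexist and any of them can be passed to restore_rulebases explicitly, which is the point of the note above about keeping the older rulebases around.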
