
How does the Checkpoint FW-1 calculate the number of hosts


Christopher P. Mills

Mar 6, 2001, 6:18:18 AM
I believe that FW-1 just counts the number of IP addresses "seen" on the
network.

Correct me if I'm wrong, someone...

--

Christopher P. Mills (C.P....@rmcs.cranfield.ac.uk)
Web/Network Development Officer
Cranfield University [Shrivenham Campus], Swindon, UK

Tel: +44 (0) 1793 785633
Fax: +44 (0) 1793 785903

PGP Public Key: http://www.cpmills.com/
--

"Raiden" <whf...@yahoo.com> wrote in message
news:Z0i2hxi...@bassett.us.checkpoint.com...
> Hi Guys
>
> I am new to Checkpoint and would appreciate any help.
>
> My question is that we define the localnet as follows:
>
> network: 128.1.0.0
> submask: 255.255.0.0
>
> Obviously it is a class B subnet with 65xxx hosts. But in fact there are only
> 60 hosts in the office.
>
> My question is: will it create any licensing problem? Does the checkpoint
> only count those available hosts or will it presume there will be 65xxx
> hosts instead because of the setting of submask?
>
> Regards


Raiden

Mar 6, 2001, 6:04:20 AM

news.checkpoint.com

Mar 7, 2001, 4:48:04 AM
I think only the number of installed sessions is calculated, and only on
internal interfaces.

Denis Sibirtsev d...@ur.ru
security administrator
Ural Relcom www.ur.ru Russia

"Christopher P. Mills" <C.P....@rmcs.cranfield.ac.uk> wrote in message
news:a8km$2ipAH...@bassett.us.checkpoint.com...

Rudi Koppelman

Mar 9, 2001, 11:39:51 AM
Checkpoint counts all IP addresses except the ones on the External Gateway.
That's why you have to fill it.

"Raiden" <whf...@yahoo.com> wrote in message
news:Z0i2hxi...@bassett.us.checkpoint.com...

Randall Cosse

Mar 12, 2001, 8:36:35 AM
I just got off the phone with a Checkpoint salesman and he said that the
so-called 250 Hosts limit actually counts objects connected and created
objects. Maybe that was a sales pitch to buy the unlimited version. Someone
please educate me if they know.


Rudi Koppelman <r.kop...@ict-on.nl> wrote in message
news:mX1IrYL...@bassett.us.checkpoint.com...

frac

Mar 12, 2001, 4:56:31 AM
I can tell you that when you have a DHCP scope of 200 IPs and only have 60
PCs, you will need a license for 200 PCs!!

Why?? Because when your PC boots it is possible it gets a new IP address!! =>
so one PC can get (3 or 10) IP addresses in one week, and Checkpoint counts
every newly assigned IP address!!

So just set your DHCP scope right (65 IP addresses) and buy a license for 65
IP addresses!!

I know it for sure because I had this problem at a customer of mine.

GreetZ,
De Smet Wim

Mail to: wim.d...@telindus.be
Customer Service Security Engineer

TELiNDUS NV/SA
Geldenaaksebaan 335 Tel: 016/38.28.28
B-3001 Leuven URL: www.telindus.be
Belgium


Christopher P. Mills <C.P....@rmcs.cranfield.ac.uk> wrote in message
news:a8km$2ipAH...@bassett.us.checkpoint.com...

John Chapman

Mar 13, 2001, 10:08:43 AM
Time for you to find a new CheckPoint salesman - that guy doesn't have a
clue.

The firewall builds a tally (stored in $FWDIR/database/fwd.h and
$FWDIR/database/fwd.hosts) of each unique Source IP address from each packet
coming through all interfaces except the External interface. (As defined in
your CheckPoint config - i.e. external.if file)

This tally can be reset - a necessary thing if you ever change IP addresses
on one of your internal networks, for example. You need to stop the firewall
(fwstop), delete those files (fwd.h, fwd.hosts) and restart the firewall
(fwstart).

Be absolutely certain that you have the correct interface defined as your
External interface; otherwise, you will be tracking hosts incorrectly.
Likewise, make sure you don't have any backdoors or address pools behind
your Firewall that could artificially inflate your host count. (For example,
you need to account for a RAS pool with dialup users that might access the
Internet or DMZ via your firewall.)

The hosts limit has absolutely nothing to do with Firewall objects, rules,
users or anything else defined within the Policy editor...

Good luck!

"Randall Cosse" <co...@nciss-nato.it> wrote in message
news:r#KMM7iq...@bassett.us.checkpoint.com...
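
The counting rule described in John Chapman's post (unique source IPs on every interface except the External one), sketched as an added example that is not part of the thread and not Check Point code. The record format, interface names, and addresses are constructed assumptions; this does not read `fwd.h` or `fwd.hosts`.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records, "<interface> <source-ip>". Not FW-1's log or fwd.hosts
# format. Assumed layout: eth0 = external, eth1 = office LAN, eth2 = RAS dial-up
# pool; 128.1.0.57 and 128.1.0.58 are one PC that got a new DHCP lease.
SAMPLE = """\
eth0 203.0.113.9
eth0 198.51.100.4
eth0 192.0.2.77
eth0 203.0.113.80
eth0 198.51.100.23
eth1 128.1.0.10
eth1 128.1.0.11
eth1 128.1.0.10
eth1 128.1.0.57
eth1 128.1.0.58
eth2 10.9.0.5
eth2 10.9.0.6
eth1 not-an-ip
"""

def tally_hosts(records, external_if):
    """Return {interface: set of source IPs} for every non-external interface."""
    seen = defaultdict(set)
    for line in records.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed records
        iface, src = parts
        if iface == external_if:
            continue  # sources arriving on the external interface are not tallied
        try:
            seen[iface].add(ipaddress.ip_address(src))
        except ValueError:
            continue  # skip values that are not IP addresses
    return seen

def license_report(records, external_if, limit):
    """Compare the cumulative unique-source tally against a host limit."""
    seen = tally_hosts(records, external_if)
    total = len(set().union(*seen.values()))
    return {"total": total, "limit": limit, "over": total > limit,
            "per_interface": {i: len(s) for i, s in sorted(seen.items())}}

if __name__ == "__main__":
    print(license_report(SAMPLE, "eth0", 5))  # external interface set correctly
    print(license_report(SAMPLE, "eth2", 5))  # wrong interface marked external
```

With the external interface set correctly, the tally is 6 for five real machines because the re-leased PC is counted twice and the RAS pool adds two; marking the wrong interface as external pulls Internet sources into the count.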
