The PhoneBoy Blog

Simplifying Telecom, Mobile Phones, Gadgets, Health, and More!

FireWall-1 FAQ: GUI Hangs When Installing Rulebases

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.

I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.

If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)

When installing the security policy, after choosing which firewalled object to install the rulebase on and clicking OK, the GUI comes up with a text box with a button on the bottom that says “Close” but no text displays in the box. FireWall-1 may simply be taking an extremely long time to compile and install a rulebase. This often happens when there is a particularly large object database and/or rulebase. When you have an excessive number of rules or network objects, consider loading policy from the command line as it will be much faster.

The problem can also arise when you install the firewall module in a path that contains spaces. This is a bug that has been reported to Check Point. Meanwhile, the only solution to the problem is to re-install the firewall module into a directory that does not contain spaces. The default (C:\WINNT\FW) is usually a good place to install it.

Check Point has also reported to me that, at least in FireWall-1 4.0, this problem will arise if using RADIUS authentication and the Radius Secret Key is incorrect. You can verify that this is the problem by attempting to “Verify” the rulebase. If you get the message “No Install Targets for Rule n”, then this is the problem. Changing the RADIUS Secret Key will resolve this.

In FireWall-1 3.0, running the GUI on a multi-processor system might also cause a problem. This problem should be cured by build 3083 (i.e. 3.0b SP8) or later.

#Cybersecurity Evangelist, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.