fw lichosts

[Danielpb]

Wonder if someone might she some light on the results I see when running this command.

The results are well over the limit of the Licence installed, how ever allot of the host's are from 2005 etc. any idea why this is.

Some results:

eth- 8/12/2005 15:57> host:192.168.200.244 src:192.168.200.244 dst:192.168.200.252 proto:icmp
eth- 8/12/2005 15:57> host:192.168.200.253 src:192.168.200.253 dst:224.0.0.18 proto:vrrp
eth- 8/12/2005 15:58> host:192.168.200.194 src:192.168.200.194 dst:192.168.14.10 proto:tcp sport:3874 dport:microsoft-ds
eth- 8/12/2005 15:58> host:192.168.200.215 src:192.168.200.215 dst:192.168.202.10 proto:tcp sport:vlsi-lm dport:loc-srv
eth- 8/12/2005 15:58> host:192.168.200.222 src:192.168.200.222 dst:192.168.245.82 proto:udp sport:3661 dport:snmp-read

[DoubleYou]

Quote:

Originally Posted by Danielpb

Wonder if someone might she some light on the results I see when running this command.

The results are well over the limit of the Licence installed, how ever allot of the host's are from 2005 etc. any idea why this is.

This is a recurring issue in many CP related fora. The problem is that the firewall keeps track of all internal hosts (i.e. machines behind internal interfaces) in its hosts table, for an indefinite period of time. For one reason or another, this number keeps growing, even though there aren't that many different IPs in use, but over a longer period of time (like in your case, since 2005), this is of course an issue.

The explanation on how to clear the tables is give in another thread:
Clear LicHosts

There seems to be no other solution to this problem besides regularly clearing this table. I found that rebooting the firewalls in a cluster after clearing the tables is advisable - otherwise they seem to go beserk...

Good luck!