Ok, what just happened? All of my interfaces just went down or people can still access my internal web server but my internal users cannot access the Internet. Here are just two of the many things that can happen on some idle Tuesday morning.
As being the great admin that you are you check the logs and see an error message saying ôsignal 11ö and you think to yourself what is signal 11 and what does it mean.
Well 99.9 percent of the time a ôsignal 11ö means that you have a port conflict. And a quick way to check this is by looking at the daemon that was shutdown on the following line in the logs.
The best and fastest way to check for a port conflict is to open the gsp.cf file in the sg/ directory. This file lists all of the ports that the SEF/Raptor/VR/SGS is listening on and if you have two of the same port numbers in this file then you have a port conflict.
90 percent of the time the conflict is caused by DNSD, The admin wants to pass traffic through the firewall to a DNS server, so the admin creates DNS Rules that allows this traffic to pass from the internal network to the internet or DMZ. This will create a port conflict because the Raptor/SEF is an application firewall and it has a DNSD daemon that listens for DNS requests plus the admin has her own rule and protocols listening for DNS requests.
Before Symantec release the June 2003 patch another big reason for port conflicts and signal 11 messages was when the admin used the all* rule in the services. This rule should not be used for two reasons. One it can cause port conflicts and two all* means everything, donÆt be lazy create the rules that your users need and keep the rules up to date.
From more information check the Symantec support site.
Signal 11 Troubleshooting Guide
http://service1.symantec.com/support/ent-gate.nsf/docid/2002120307104654?Open&src=w
Using ALL* as a service in rules
http://service1.symantec.com/support/ent-gate.nsf/docid/2002111908175854?Open&src=w
Product Updates
Symantec Enterprise Firewall 7.0 for Windows NT/2000
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_firewall_7_nt/files.html
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.