CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Harmony Mobile 4:
New Version, New Capabilities
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix! 
All Videos In One Space
Hi All,
On a R80.10 gateway with jumbo take 272 I am testing the Accelerated Drop Rules feature from sk67861. I have created a file with IP-addresses, but get an error when importing this file.
ioctl to the SecureXL device failed (rc=-1, errno=12)
ioctl failed
The file contains 6694 entries, so maybe this is above some kind of limit. So I created a file with only one IP-address and this seems to work:
[Expert@FW:0]# sim dropcfg -f test
Drop rules (Match after conn lookup):
Enforced on all interfaces
Source Destination DPort PR
------------------ ------------------ ----- ---
1.1.1.1/32 * * *
Are you sure you want to continue (Y/N) ?
y
drop entries configured successfully
But when I check to see if everything is OK, I get the following error:
[Expert@FW:0]# sim dropcfg -l
ioctl getdropcfg#1 failed
Has anyone used this function before with success? Does any one know what those errors mean? Is there a limit for the number of entries in the file?
Best regards, Martijn
PhoneBoy
Thanks.
TAC is involved, but can not tell me what the message means.
I hope to get an answer soon
Timothy_Hall
There are definitely length limits for various SecureXL blocking features, see this related thread:
Hi All,
TAC advised us to use the 'fw samp batch' methode which we did and this was succesfull.
Regards,
Martijn.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY