Tim's IT-Blog

Just a blog about IT and IT-Problems…

Problem with CheckPoint and Solaris Patch 114344

by admin_import on 24/02/2009

After installing the recommended Sun Solaris patch 114344-25 or newer on a CheckPoint firewall based on Solaris 10 with the JumpStart Architecture and Security Scripts (JASS) toolkit, DNS lookups run locally on the firewall node become unreliable.

# nslookup www.ebay.com
… The result alternated between a timeout and the correct answer

Resolution:

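The kernel parameter ip_strict_dst_multihoming is set to the strict value (1) by the JASS startup script /etc/init.d/nddconfig. The Solaris OS default for this parameter is the non-strict value (0). With the strict value, the IP stack drops packets that arrive on an interface other than the one that owns the destination address. You have to change the parameter back to the non-strict value (0).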

# ndd -set /dev/ip ip_strict_dst_multihoming 0

Then change the value from 1 to 0 in the JASS startup script, or comment out the line that sets this kernel parameter, so that the change survives a reboot.
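
The startup-script edit described above, as an added example (not from the original post and not part of JASS): it reports which value an nddconfig-style script sets for the parameter and rewrites an active 1 to 0 with a backup, restoring the file if the line has an unexpected format. The function names and the sample fragment are constructed for illustration, and the script assumes the parameter is set by a line that ends in the parameter name followed by its value.

```sh
#!/bin/sh
# Added example; assumes POSIX awk/sed (on Solaris 10: /usr/xpg4/bin first in PATH).
PARAM=ip_strict_dst_multihoming

# Value set by the last active (uncommented) line naming PARAM, or "unset".
configured_value() {
    awk -v p="$PARAM" '
        /^[ \t]*#/ { next }
        { for (i = 1; i < NF; i++) if ($i == p) v = $(i + 1) }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Change active "... PARAM 1" lines to "... PARAM 0"; keeps FILE.orig as backup.
# Returns 0 when the file no longer sets 1, 1 when the rewrite did not take.
relax_multihoming() {
    file=$1
    [ "$(configured_value "$file")" = "1" ] || return 0    # nothing to change
    cp -p "$file" "$file.orig" || return 1
    sed "/^[[:space:]]*#/!s/\($PARAM[[:space:]][[:space:]]*\)1[[:space:]]*\$/\10/" \
        "$file.orig" > "$file"
    if [ "$(configured_value "$file")" = "1" ]; then
        cp -p "$file.orig" "$file"      # unexpected line format: restore, edit by hand
        return 1
    fi
}

# Demo on a constructed nddconfig-style fragment (not the real JASS script).
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# ndd -set /dev/ip ip_strict_dst_multihoming 0
ndd -set /dev/ip ip_forward_src_routed 0
    ndd -set /dev/ip ip_strict_dst_multihoming 1
EOF
    echo "before: $(configured_value "$tmp")"
    relax_multihoming "$tmp"
    echo "after:  $(configured_value "$tmp")"
    rm -f "$tmp" "$tmp.orig"
}
demo
```

On the firewall itself the function would be pointed at a copy of /etc/init.d/nddconfig first, and the running value can be read back with `ndd /dev/ip ip_strict_dst_multihoming`.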

Remark:

The use of JASS is strongly recommended for hardening the Solaris OS of the firewall node.