jerrys @
confucious .
sbi .
com (Jerry Simonowits) writes:
> I'm using Firewall-1 version 2.1 and seem to have run accross a bug. I've
> added more hosts to my database than can be displayed on the screen and
> I get an error message:
>
> XView warning: Menu too large for screen (Command Menu package)
>
> And, nothing is displayed on the screen.
>
> It's been confirmed to me that this is a bug, but I haven't received any
> fixes....
>
> Any suggestions ???
>
> Jerry
>
This is what Sunsolve has to say about this. I hope it helps.
Document ID: 1890
SYNOPSIS: Error message: "Xview warning: Menu too large for screen"
DETAIL DESCRIPTION:
I create 250 hosts, but when I want to install a new rule I am not able
to see the windows with all objects created. I receive the message
"Xview warning: Menu too large for screen". What does this mean?
SOLUTION SUMMARY:
This is a known limitiation. Future releases of Firewall-1 will
probably include a scroll-bar menu instead of this pop-up menu. However
in the meantime here are several workarounds:
1. Edit the files manually.
Instead of using the firewall GUI, you can modify the object file
(objects.C) and the rule file (<rule_name>.W) under /etc/fw/conf with
the command line interface. The format of the file is self-explanatory.
Once you've done that you can type "fw load <rule_name>.W
<hosts>". If
you are using more than 250 objects it is probably faster to edit the
rules and object list using the command line than the GUI anyway.
2. Group the objects and only display those needed.
It is likely that, even if you are dealing with 250+ objects you do not
want to create rules for every one of them. Usually you want to put
your objects into groups and apply the filter rules only to those
groups. If this is the case, you can create groups using the network
object manager under the GUI and for each host you put in a group, in
the host properties, un-select the check-box "Show in Menus".
3. Use networks whenever possible.
Sometimes you do not really need that many hosts. See if you can
group the hosts into network objects.
4. Share the load among several Firewalls.
This is not very attractive because, after all, one reason of getting a
firewall is that you want to manage your entire security policy from a
central point. But if you really need hundreds of hosts and hundreds of
rules to manage them, then you may consider splitting the security
checking between several firewalls. This will also lower the risk of
experiencing performance problems (specially if you are also using VPN
and NAT).
DATE APPROVED: 08/31/96
KEYWORDS: firewall xview warning objects file
OS RELEASE: Solaris/SunOS 2.5/5.5
--
Ken Wilcox Perfect Order Inc.
Account Representative Authorized Sun Reseller
2212 Eagles Nest Lane
Monroeville PA 15146
Phone: +1 412 373 1528 Email: wilcox @
poss .
com
Fax: +1 412 373 1722
References:
-
Firewall-1 bug
From: jerrys @
confucious .
sbi .
com (Jerry Simonowits)
|
|
