Re: Checkpoint Firewall Error

From: Richard H. Miller (rick_at_bcm.tmc.edu)
Date: 08/10/05


Date: 10 Aug 2005 17:22:25 GMT

Wayne (wayne@briz.oz) wrote:
: It sounds like you are handling more connections than the Connection Table
: can handle. Go into the Firewall object and look for "Capacity Planning"; by
: default it is set up for up to 25,000 connections. Double this to 50,000,
: you'll see the memory allocation automatically adjust.

Actually it is more likely that the user is out of memory. When the connection
table is exhausted sessions are simply dropped. The firewall will appear to be
running fine, people with existing connections will see no problems but attempts
to make new connections will fail.

The user needs to do a 'fw ctl pstat'. This will probably point out that one of
the memory pools is exhausted.

However, your suggestion might well solve the issue since increasing the connection
table does, as you pointed out, increase the automatic memory allocation.

Richard H. Miller, MCSE, CCSE+
Information Security Manager
Information Technology Security and Compliance
Information Technology - Baylor College of Medicine

: Wayne McGlinn
: Brisbane, Oz

: "badraylaw" <raymond.law@my.e-cop-dot-net.no-spam.invalid> wrote in message
: news:Rt6dnQEXPKOmRWXfRVn_vQ@giganews.com...
: > Hi all,
: >
: > I need some help over here. Recently I just installed a Checkpoint
: > Firewall version R55 with Hotfixes HFA15 on Windows 2000 Server. The
: > Checkpoint Firewall is running standalone. After running for one week,
: > it shows some errors in the Windows event viewer:
: >
: > \Device\FW1, FW-1: fwconn_chain_get_something: fwconn_chain_l-->.
: > \Device\FW1, -->ookup failed (5).
: > \Device\FW1, ndis_allocate_buffer: failed to allocate 1445 by-->.
: > \Device\FW1, -->tes(0xc0000001).
: > \Device\FW1, ndis_packet_duplicate: failed to allocate buffer.
: > \Device\FW1, FW-1: one_packet_duplicate_if_needed(85ad130c): -->.
: > \Device\FW1, -->duplicate failed.
: > \Device\FW1, FW-1: one_cookie_put_data: failed to duplicate c-->.
: > \Device\FW1, -->ookie.
: > \Device\FW1, FW-1: cookie_put_data_at: failed to put one cookie.
: > \Device\FW1, FW-1: fw_xlate: cannot restore data in packet.
: > \Device\FW1, Error: FW-1 failed to generate the log record..
: > FW-1: stopping debug messages for the next 59 -->.
: > \Device\FW1, -->secon.
: >
: >
: > \Device\FW1, NDISWANIP.
: >
: > Does anyone have any idea what the reason for this error is and what
: > the solution is?
: > These errors make my firewall hang for the whole night. After rebooting the
: > machine, it works fine again.
: >
: > I would appreciate your expert advice on this.
: >
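
As an added example (not part of the original thread), this Python code rejoins the wrapped \Device\FW1 fragments from the quoted event log and pulls out the buffer-allocation failures, which is the evidence to weigh alongside the 'fw ctl pstat' output. The function names are hypothetical, and the sample is a subset of the lines quoted in the post.

```python
import re

# Fragments copied from the event-log excerpt quoted in the post. The event
# viewer wraps long messages: a fragment ends with "-->." and its
# continuation starts with "-->".
SAMPLE = r"""
\Device\FW1, FW-1: fwconn_chain_get_something: fwconn_chain_l-->.
\Device\FW1, -->ookup failed (5).
\Device\FW1, ndis_allocate_buffer: failed to allocate 1445 by-->.
\Device\FW1, -->tes(0xc0000001).
\Device\FW1, ndis_packet_duplicate: failed to allocate buffer.
\Device\FW1, FW-1: one_packet_duplicate_if_needed(85ad130c): -->.
\Device\FW1, -->duplicate failed.
\Device\FW1, FW-1: fw_xlate: cannot restore data in packet.
"""

PREFIX = "\\Device\\FW1, "
ALLOC = re.compile(r"failed to allocate (?:(\d+) bytes\((0x[0-9a-fA-F]+)\)|buffer)")

def reassemble(text):
    """Join wrapped fragments back into whole driver messages."""
    messages, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(PREFIX):
            line = line[len(PREFIX):]
        if line.startswith("-->") and pending is not None:
            line = pending + line[3:]      # continuation of the previous fragment
        elif pending is not None:
            messages.append(pending)       # continuation never arrived; keep the partial
        pending = None
        if line.endswith("-->."):
            pending = line[:-4]            # more text follows on the next line
        else:
            messages.append(line)
    if pending is not None:
        messages.append(pending)
    return messages

def allocation_failures(messages):
    """Return (message, size in bytes or None, status code or None) per failure."""
    hits = []
    for msg in messages:
        m = ALLOC.search(msg)
        if m:
            hits.append((msg, int(m.group(1)) if m.group(1) else None, m.group(2)))
    return hits
```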


