[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] VPN-1 Accelerator card and Solaris 2.6
Wyman, Do you have something preventing you from upgrading to 4.1? The accelerator card works extremely well under SP1 & SP2. There's also no need to worry about needing a "special" build of the software. It's just a matter of adding the driver, and you're done. -Mike Wyman Stocks <[email protected]> on 09/15/2000 03:10:47 AM Please respond to [email protected] To: "FW-1 Mailing List" <[email protected]> cc: (bcc: Mike Semaniuk/Triumph) Subject: [FW1] VPN-1 Accelerator card and Solaris 2.6 We currently have and Sun E250 running Solaris 2.6 (and the latest cluster patch from Sun) with the VPN-1 Accelerator Card installed and Checkpoint 4.0. Prior to installing the Accelerator Card we were using SP3 and then installed the Accelerator Card build on top of that. I read that you weren't supposed apply SP3 on top of the AC build. Is it a problem the other way around like we did it? A couple of things we've noticed so far: 1) The 'fw ctl pstat' does not show 'Hash kernel memory statistics' or 'System kernel memory statistics' details any more. It only shows the headings, such as "hmem kernel memory statistics:", but nothing follows. However, if I go into crash and do 'od -x fwhmem' it shows the memory change. 2) After adding IKE tunnels the FWZ tunnels start timing out. Both sides will eventually sync up and the FWZ tunnels will work, but it's very slow to start sending traffic. There are a couple rejects because the other end doesn't respond with the FWZ scheme in time. Then all of a sudden both sides will agree on FWZ and all is well. This is not the case with the IKE tunnels. Has anyone else noticed either the pstat output difference or problems with FWZ tunnels? We have over a hundred FWZ tunnels that we want to roll over to IKE tunnels and use the card. Currently, we have another E250 built with the same config that is running Solaris 2.5.1 and does not have the AC. I'm not sure whether we should just quickly convert all the tunnels to IKE or rebuild the Solaris 2.6/AC box without ever having SP3 on it before going any further. Any comments or suggestions would be greatly appreciated. I can provide more details on the configuration if that would help. Thanks in advance, Wyman -- Wyman Stocks, CCSE, CCNA, CISSP Network Systems Consultant - Lucent NPS Raleigh, NC =========================================================================== ===== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =========================================================================== ===== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|