NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] VPN-1 Accelerator card and Solaris 2.6






Wyman,

Do you have something preventing you from upgrading to 4.1?  The
accelerator card works extremely well under SP1 & SP2.  There's also no
need to worry about needing a "special" build of the software.  It's just a
matter of adding the driver, and you're done.

-Mike




Wyman Stocks <[email protected]> on 09/15/2000 03:10:47 AM

Please respond to [email protected]

To:   "FW-1 Mailing List" <[email protected]>
cc:    (bcc: Mike Semaniuk/Triumph)

Subject:  [FW1] VPN-1 Accelerator card and Solaris 2.6





We currently have and Sun E250 running Solaris 2.6 (and the latest cluster
patch from Sun) with the VPN-1 Accelerator Card installed and Checkpoint
4.0.
 Prior to installing the Accelerator Card we were using SP3 and then
installed the Accelerator Card build on top of that.  I read that you
weren't
supposed apply SP3 on top of the AC build.  Is it a problem the other way
around like we did it?

A couple of things we've noticed so far:

1) The 'fw ctl pstat' does not show 'Hash kernel memory statistics' or
'System kernel memory statistics' details any more.  It only shows the
headings, such as "hmem kernel memory statistics:", but nothing follows.
However, if I go into crash and do 'od -x fwhmem' it shows the memory
change.

2)  After adding IKE tunnels the FWZ tunnels start timing out.  Both sides
will eventually sync up and the FWZ tunnels will work, but it's very slow
to
start sending traffic.  There are a couple rejects because the other end
doesn't respond with the FWZ scheme in time.  Then all of a sudden both
sides
will agree on FWZ and all is well.  This is not the case with the IKE
tunnels.

Has anyone else noticed either the pstat output difference or problems with
FWZ tunnels?

We have over a hundred FWZ tunnels that we want to roll over to IKE tunnels
and use the card.  Currently, we have another E250 built with the same
config
that is running Solaris 2.5.1 and does not have the AC.  I'm not sure
whether
we should just quickly convert all the tunnels to IKE or rebuild the
Solaris
2.6/AC box without ever having SP3 on it before going any further.

Any comments or suggestions would be greatly appreciated.  I can provide
more
details on the configuration if that would help.

Thanks in advance,
Wyman


--
Wyman Stocks, CCSE, CCNA, CISSP
Network Systems Consultant - Lucent NPS
Raleigh, NC


===========================================================================
=====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
===========================================================================
=====








================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.