Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] VPN-1 Accelerator card and Solaris 2.6

To: [email protected], [email protected]
Subject: Re: [FW1] VPN-1 Accelerator card and Solaris 2.6
From: Wyman Stocks <[email protected]>
Date: Sun, 17 Sep 2000 11:05:53 -0400
Cc: "FW-1 Mailing List" <[email protected]>
In-reply-to: <[email protected]>
References: <[email protected]>
Reply-to: [email protected]
Sender: [email protected]

We have a lot of firewalls deployed with a "standard build" and management wants 
the firewall with the VPN card to be as close to that standard as possible.  They 
could probably be convinced if the VPN card has problems with 4.0 that we know are 
solved with 4.1

Wyman

On Fri, 15 Sep 2000, [email protected] wrote:
> Wyman,
> 
> Do you have something preventing you from upgrading to 4.1?  The
> accelerator card works extremely well under SP1 & SP2.  There's also no
> need to worry about needing a "special" build of the software.  It's just a
> matter of adding the driver, and you're done.
> 
> -Mike
> 
> 
> 
> 
> Wyman Stocks <[email protected]> on 09/15/2000 03:10:47 AM
> 
> Subject:  [FW1] VPN-1 Accelerator card and Solaris 2.6
> 
> We currently have and Sun E250 running Solaris 2.6 (and the latest cluster
> patch from Sun) with the VPN-1 Accelerator Card installed and Checkpoint
> 4.0.
>  Prior to installing the Accelerator Card we were using SP3 and then
> installed the Accelerator Card build on top of that.  I read that you
> weren't
> supposed apply SP3 on top of the AC build.  Is it a problem the other way
> around like we did it?
> 
> A couple of things we've noticed so far:
> 
> 1) The 'fw ctl pstat' does not show 'Hash kernel memory statistics' or
> 'System kernel memory statistics' details any more.  It only shows the
> headings, such as "hmem kernel memory statistics:", but nothing follows.
> However, if I go into crash and do 'od -x fwhmem' it shows the memory
> change.
> 
> 2)  After adding IKE tunnels the FWZ tunnels start timing out.  Both sides
> will eventually sync up and the FWZ tunnels will work, but it's very slow
> to
> start sending traffic.  There are a couple rejects because the other end
> doesn't respond with the FWZ scheme in time.  Then all of a sudden both
> sides
> will agree on FWZ and all is well.  This is not the case with the IKE
> tunnels.
> 
> Has anyone else noticed either the pstat output difference or problems with
> FWZ tunnels?
> 
> We have over a hundred FWZ tunnels that we want to roll over to IKE tunnels
> and use the card.  Currently, we have another E250 built with the same
> config
> that is running Solaris 2.5.1 and does not have the AC.  I'm not sure
> whether
> we should just quickly convert all the tunnels to IKE or rebuild the
> Solaris
> 2.6/AC box without ever having SP3 on it before going any further.
> 
> Any comments or suggestions would be greatly appreciated.  I can provide
> more
> details on the configuration if that would help.
> 
> Thanks in advance,
> Wyman
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- Re: [FW1] VPN-1 Accelerator card and Solaris 2.6
  - From: [email protected]

Prev by Date: [FW1] fw load from 4.1 to 4.0 using command Solaris command line?
Next by Date: [FW1] Encryption levels and communication between mgmt and firewall mod ules
Previous by thread: Re: [FW1] VPN-1 Accelerator card and Solaris 2.6
Next by thread: [FW1] Error: No response received
Index(es):
- Date
- Thread