| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Objects.c: Maximum size reach
Leymarie,
I can't express me well,
What I can say is that you can do a cleaning in
_objects.c_ file not on the number of objects on
firewall.
You can do this cleaning editing objects.c file with
notepad, and in ":netobj" section you can follow the
example bellow:
Origial object on objects.c file:
: (test1
:color (black)
:type (host)
:host_schemes_val (115)
:host_schemes_names (
: (SecurID)
: ("S/Key")
: (RADIUS)
: (Defender)
: (TACACS)
)
:fgver (4.1)
:comments ()
:location (external)
:firewall (not-installed)
:floodgate (not-installed)
:third_party_encryption (false)
:cluster_member (false)
:management (false)
:ipaddr (10.0.0.1)
:fwver (4.1)
)
Now you can strip down the objects "test1" and "test2"
like this:
: (test1
:type (host)
:ipaddr (10.0.0.1)
)
In this case you are able put more objects on
database, and you will bypass the limitation of
checkpoint (that point to me, some time ago) that are
no problem... :| ).
I hope that this work for you too.
Best regards,
Klaubert Herr
--- LEYMARIE Gerard <[email protected]>
wrote:
> Of course, in a first time I cleaned up the
> database, but I really need my
> objects and more!!!
>
> Here the answers of chkpt support:
>
> Currently if your objects.c file grows close to or
> exceeds 1mg, or you have
> more than about 1000 or so objects, you will start
> to see performance issues
> and in extreme cases the Firewall may fail to
> compile the policy. In order
> to remedy the situation you will need to scale down
> the objects.c file. You
> can do this by not defining each individual
> workstation unless it plays a
> special role such as Email server, web server, or
> databse. In Firewall
> version 5.0 this issue should be addressed allowing
> for a greater objects.c
> file.
>
> My conclusion is: Checkpoint is wrong mhen they say
> there is no limit for
> objetcs.C
>
> In version 3.0 it was possible to modify the HEAP
> parameter to provide more
> memory available for the compilation daemon. But in
> the 4.x version this
> parameter has disapear.
>
> I think the daemon do a malloc of 1Mo and that's all
>
>
>
>
> -----Original Message-----
> From: Klaubert Herr da Silveira
> [mailto:[email protected]]
> Sent: Tuesday, October 10, 2000 3:39 PM
> To: [email protected]
> Subject: RE: [FW1] Objects.c: Maximum size reach
>
>
>
> I hit this problem some time ago, and I turn around
> by
> editing the objects.c file and do a clening on it.
> I retire all that is not needed.
> So I could put 2000 objects on firewall...
> But you must take care on change the file, once is
> sensitive.
>
> Klaubert Herr
>
>
> All,
>
> I think I reached the maximum size of objects.C
> (1Mo)
> because when I add
> something to my configuration, my management hang (
> it
> doesn't compile, it
> do anything), even if you wait for a long time.
> Normally my compilation
> takes less than 30 seconds.
> When I remove some object ( until the size of the
> file
> is more than 1Mo),
> the compilation works fine!
>
> Does anyone can help me with this problem?
>
> My environnement is FW-1 4.1SP2 uder NT4SP6a for the
> management.
>
> Many thanks
>
>
> __________________________________________________
> Do You Yahoo!?
> Get Yahoo! Mail - Free email you can access from
> anywhere!
> http://mail.yahoo.com/
>
>
>
============================================================================
> ====
> To unsubscribe from this mailing list, please
> see the instructions at
>
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
__________________________________________________
Do You Yahoo!?
Get Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
