[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] DNS query problem through firewall
I had 40 as the default but when I did a snoop on the interface to find the query and reply time I saw that it was taking around 60-90 secs (they are fixing the dns prob). I have increased the allow udp replies to 70 secs but do not want to increse it much as this will effect the connections table limit. This seem to have given some relief. I had another problem after the increase. At around 10,000 connections in the connections table, almost all the return packets got dropped and all established sessions through the firewall got disconnected. I have around 75 rules which I am trying to bring down. Firewall kernal memory was increased to 8Mb. Connections was increased to 50000 TCP timeout was increased to 18hrs phew (some weird app requires it). Could these change in parameters be having adverse effect on the overall performance of the firewall. Could this be the reason why the packets started getting dropped at around 10000 connections ? Preet -----Original Message----- From: CryptoTech [mailto:[email protected]] Sent: Monday, November 06, 2000 10:52 PM To: Kumar, Preet (Exchange) Cc: '[email protected]' Subject: Re: [FW1] DNS query problem through firewall Preet, You do not need the DNS over TCP property. Clients use the udp for lookups. What do you have on 'allow udp replies' and the udp reply timeout? CryptoTech *********************************************************************** Bear Stearns is not responsible for any recommendation, solicitation, offer or agreement or any information about any transaction, customer account or account activity contained in this communication. *********************************************************************** ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|