Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] TCP port connections

To: "'Brian Noecker'" <[email protected]>, [email protected]
Subject: RE: [FW1] TCP port connections
From: Michael Liberte <[email protected]>
Date: Tue, 12 Dec 2000 20:06:53 +0200
Sender: [email protected]

By default, CP firewall-1 has a limit of 25000 connections. That means that
it can hold no more than 25K entries in it's connection table, either idle
or active.
You can increase the limit to 50000... Let me rephrase: you can increase the
limit to whatever value you want, just keep in mind that each new connection
eats some of the FW-1 kernel memory, and NATed connections eat more  than
regular connections. The default amount of memory assigned to FW-1 kernel on
Solaris is about 3Mb, so you will probably need to increase this value as
well. In any case, you might want to think about adding one more machine to
the cluster. Check out the following articles (thanks to Phoneboy..):
http://www.phoneboy.com/fw1/faq/0289.html
http://www.phoneboy.com/fw1/faq/0088.html
Use the following commands on your Firewalls:
#fw ctl pstat - information about FW-1 kernel memory usage
#fw tab -t connections -s  --information about FW-1 state table.

HTH
TTFN,
Michael

-----Original Message-----
From: Brian Noecker [mailto:[email protected]]
Sent: Tuesday, December 12, 2000 6:23 PM
To: [email protected]
Subject: [FW1] TCP port connections



Does anyone know how many TCP port connections a Checkpoint FW-1 SP2 box can
handle?  We're running two clustered Sun Sparc Ultra 5s with quad-cards in
them and have a client wanting to us to host a machine that is expected to
need 100,000 TCP ports simultaneously.  For load balancing, we're also using
Stonebeat FullCluster software.

Is this more dependent on the hardware or the software or both?

Thanks in advance.

-Brian


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Ignore earlier post
Next by Date: Re: [FW1] GUI for Linux / Redhat 6.1 available ?
Previous by thread: [FW1] TCP port connections
Next by thread: [FW1] Ignore earlier post
Index(es):
- Date
- Thread