[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] fwx_xlate_method, fwx_start_xlation in /var/adm/messages
Recently I begun to notice error msgs in /var/adm/messages on my FW-1 v4.1 SP2 machine: Nov 2 08:10:20 unix: FW-1: fwx_xlate_method: unknown method 0x810c0a07 Nov 2 08:10:20 unix: FW-1: fwx_start_xlation: failed to initialize the connection Nov 2 08:10:20 unix: FW-1: fwx_anticipate_server_side: failed to initialize the connection Nov 2 08:10:20 unix: FW-1: fw_xlate_anticipate: fwx_anticipate_server_side failed Nov 3 00:27:48 unix: FW-1: fwx_xlate_method: unknown method 0xd984207 Nov 3 00:27:48 unix: FW-1: fwx_start_xlation: failed to initialize the connection Nov 3 00:27:48 unix: FW-1: fwx_anticipate_server_side: failed to initialize the connection Nov 3 00:27:48 unix: FW-1: fw_xlate_anticipate: fwx_anticipate_server_side failed This appears to be different from a problem with error msgs mentioning fw_init_xlation and fw_xlate_forw (http://msgs.securepoint.com/cgi-bin/get/fw1-9903/738.html) previously discussed on this list and at Phoneboy. Any ideas as to what this means, what could be causing it and how to address it? Although the fw gets very little traffic now, I haven't noticed any ill effects. I have the following relevant stats: ====================================================== # ./fw ctl pstat Hash kernel memory (hmem) statistics: Total memory allocated: 16777216 bytes in 4095 4KB blocks using 1 pool Total memory bytes used: 94472 unused: 16682744 (99%) peak: 109372 Total memory blocks used: 37 unused: 4058 (99%) Allocations: 133867 alloc, 0 failed alloc, 131755 free System kernel memory (kmem) statistics: System physical memory: 255868928 bytes Available physical memory: 186449920 bytes Total memory bytes used: 17796850 peak: 17811414 Allocations: 2560 alloc, 0 failed alloc, 2181 free, 0 failed free Inspct: 13152 packets, 3343338 operations, 116943 lookups, 7024 record, 965922 extract Cookies: 238887 total, 0 alloc, 0 free, 0 dup, 449899 get, 223165 put, 1111567 len, 0 chain alloc, 0 chain free Fragments: 0 fragments, 0 packets, 0 expired, 0 short, 0 large, 0 duplicates, 0 failures Encryption: 0 encryption, 0 decryption, 0 short, 0 failures Translation: 55524/116811 forw, 61066/123929 bckw, 116382 tcpudp, 208 icmp, 1557-2419 alloc # ./fw tab -u -t xlate_forw | wc -l Table xlate_forw not loaded # ./fw tab -u -t connections localhost: -------- connections -------- attributes: refresh, sync, expires 60, free function4, kbuf 1, implies 21, hashsize 65536, limit 50000 <0a80033c, 00004bd2, 0a80001e, 00000016, 00000006; 00000000, 00004001, 01ffff20; 3599/3600> <ac140016, 00000932, 0a800f4f, 00000dca, 00000006; 701172ec, 00004004, 0201d020; 3109/3600> <ac140016, 0000095c, 0a800f4f, 00000dca, 00000006; 70116f6c, 00004004, 0201d020; 3551/3600> <ac140016, 00000884, c0a80186, 00000d81, 00000006; 7011743c, 00004004, 0201d020; 3486/3600> <0a80001e, 00008000, 0a800027, 00000101, 00000006; 00000000, 00004001, ff010600; 3551/3600> This fw is not in production yet, so it has almost no connections. # ./fw tab -t connections -s HOST NAME ID #VALS localhost connections 22 8 # ./fw tab -t fwx_forw -s HOST NAME ID #VALS localhost fwx_forw 8189 12 # ./fw tab -t fwx_backw -s HOST NAME ID #VALS localhost fwx_backw 8188 12 /etc/system has been modified to contain: >> * Increase File descriptor limits: 1024 default, >4096 sugg * (rlim_fd_max should be at least 2x tcp_conn_req_max_q) set rlim_fd_max=16384 set rlim_fd_cur=256 * enable advanced memory paging technique set priority_paging=1 set tcp:tcp_conn_hash_size=16384 * For Checkpoint FW-1 optimization * Increase memory allocated for concurrent * VPN sessions from 3 Mb to 16 Mb. set fw:fwhmem = 0x1000000 << in $FWDIR/lib/table.def, I have changed limit to 50000 (from 25000) and hashsize to 65536 (from 32768) in $FWDIR/conf/objects.C, my nat_limit is still 25000 and my nat_hashsize is still 16384. Any suggestions would be greatly appreciated. __________________________________________________ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|