NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Resource Problem



I have a firewall which has been running nicely for years and has suddenly
decided to choke.  Here is the identifying information:

OS:  Solaris 2.6
FW-1 Version:  4.0 SP 1

Symptoms:

Logging stopped.  NFS traffic (*) stopped being allowed through.  The
following messages began to appear in /var/adm/messages:

Jan  8 09:14:01 ems-fw01 unix: FW-1: log message queue is full
Jan  8 09:15:12 ems-fw01 unix: FW-1: lost 512 log/trap messages
Jan  8 09:15:12 ems-fw01 unix: FW-1: log message queue is full
Jan  8 09:17:26 ems-fw01 unix: FW-1: lost 512 log/trap messages

The following message began appearing by the thousands in fwd.log:

fwd: fwdom: Failed to create pipe: Too many open files

In addition, I got the following in fwd.log:

fwd: Can't open database/rules.C: Too many open files

After following Checkpoint support's suggestion to increase the size of
the log message queue, the message changed regarding the number of
messages lost, but the other symptoms remained the same, with the addition
of thousands of the following in fwd.log:

fwd: fwauthd: socketpair(AF_UNIX, SOCKETPAIR): Too many open files

After a reboot, everything functions properly for around an hour, then the
problems reliably start.

Checkpoint's next suggestion is to upgrade.  I'd prefer to avoid this for
now, for a variety of reasons, so I thought I'd ask here first to see if
anyone had any ideas.  I'm probably running out of some system resource,
but I can't figure out what.  Any ideas for where to look next?

-- 
Boyd Nation         Energy Management Systems Services     Southern Company
[email protected]:================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.