Re: [FW1]error messages (xlate)
>I have these messages in my firewall-1 Version 4.0 SP7:
>
>Mar 6 16:34:40 fw1_venus01 unix: FW-1: fw_init_xlation_tables:
>fw_xlate_set_tables failed
>Mar 6 16:34:40 fw1_venus01 unix: FW-1: fw_xlate_forw: failed to initialize the
>connection
>Mar 6 16:34:40 fw1_venus01 unix: FW-1: fw_xlate_set_tables: ld_set_wto to
>fwx_forw_tab

Looks to me, remarkably like you are running out of memory on your firewall. Or at least, connection table space. IIRC firewall-1 allocates 5 Mb of memory to connections and there is some form of hard limit of 25000 connections. This gets exhausted much more rapidly for NAT connections, since they are (from the point of view of the firewall) two different connections.

Useful commands to check this (run on yer fw) are:

    fw ctl pstat
    fw tab -t fwx_forw -s
    fw tab -t fwx_backw -s
    fw tab -t connections -s

The tables commands will give you a list of currently open connections. fwx_forw and backw are the ones which are being NATed.

Problems with this can be caused with asymmetric routing (because otherwise you have to wait for the connection to time out - default of 1 hour) or an internal portscan.

--
Ed Rolison
Systems Admin
ER706-RIPE
[email protected]

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
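Added example, not part of the original message: a Python scan of syslog for the FW-1 xlate kernel messages quoted above, grouped per host and minute so that an episode of table exhaustion can be lined up with what the `fw tab` commands report. The last two sample lines, the threshold of 3, and the names `xlate_errors` and `bursts` are constructed for illustration.

```python
import re
from collections import Counter

# First three lines are the messages from the post (unwrapped);
# the last two are constructed for the example.
SAMPLE_LOG = """\
Mar 6 16:34:40 fw1_venus01 unix: FW-1: fw_init_xlation_tables: fw_xlate_set_tables failed
Mar 6 16:34:40 fw1_venus01 unix: FW-1: fw_xlate_forw: failed to initialize the connection
Mar 6 16:34:40 fw1_venus01 unix: FW-1: fw_xlate_set_tables: ld_set_wto to fwx_forw_tab
Mar 6 16:34:41 fw1_venus01 sendmail[211]: constructed unrelated line
Mar 6 16:35:02 fw1_venus01 unix: FW-1: fw_xlate_forw: failed to initialize the connection
"""

# Syslog prefix, then "unix: FW-1: <function>: <message>", where the
# function name contains "xlat" (address translation code paths).
LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<hms>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+unix:\s+FW-1:\s+(?P<func>fw_\w*xlat\w*):\s+(?P<msg>.*)$"
)


def xlate_errors(log_text):
    """Yield (host, minute, function, message) for each FW-1 xlate message."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            minute = f"{m['mon']} {m['day']} {m['hms'][:5]}"
            yield m["host"], minute, m["func"], m["msg"]


def bursts(log_text, threshold=3):
    """Return {(host, minute): Counter(function)} for minutes that saw at
    least `threshold` xlate messages (threshold is an assumed value)."""
    per_minute = {}
    for host, minute, func, _msg in xlate_errors(log_text):
        per_minute.setdefault((host, minute), Counter())[func] += 1
    return {k: c for k, c in per_minute.items() if sum(c.values()) >= threshold}


if __name__ == "__main__":
    for (host, minute), funcs in bursts(SAMPLE_LOG).items():
        print(host, minute, dict(funcs))
```
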