[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Limit of connections
Claudio, If you are performing address translation, in addition to increasing the size of the connection table, you will also need to increase the number of entries allowed in the NAT table. You may also need to increase the amount of kernel memory dedicated to FireWall-1 to compensate for the extra connections. Each connection takes 60 bytes of memory. If a connection requires NAT, an additional 120 bytes are needed. If a connection is logged in accounting mode, an extra 72 bytes are needed. All this is in addition to a "base" amount of memory (somewhere between 500k and 3 megs) that FireWall-1 will need to manipulate the state tables, perform logging functions, etc. HTH, Mark L. Decker Rainfinity [email protected] www.rainfinity.com> -----Original Message----- > From: [email protected] > [mailto:[email protected]]On > Behalf Of > Claudio Mora > Sent: Wednesday, April 11, 2001 1:42 PM > To: Fw-1-Mailinglist (E-mail) > Cc: Fw-1-Mailinglist (E-mail) > Subject: [FW1] Limit of connections > > I have a Solaris 2.6 Ultra-5 firewall SP8 configured to > support up to 50,000 > connections. Under undetermine circumstances the firewall > sends the following > message > fw_xlate_set_tables: ld_set_wto to fwx_forw_tab failed > fw_init_xlation_tables: fw_xlate_set_tables failed > FW-1: fw_xlate_forw: failed to initialize the connection > > This slows down the machine and the only way to get rid of > this is rebooting the > firewall machine. > I already increased the limit from 25,000 to 50,000 but it > did not helped. > > What should I do to solve this problem? > > Thanks in advance, > -Claudio > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|