Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Limit of connections

To: "Claudio Mora" <[email protected]>
Subject: RE: [FW1] Limit of connections
From: "Mark Decker" <[email protected]>
Date: Thu, 12 Apr 2001 17:17:26 -0700
Cc: "Fw-1-Mailinglist (E-mail)" <[email protected]>
Importance: Normal
In-reply-to: <[email protected]>
Reply-to: <[email protected]>
Sender: [email protected]

Claudio,

If you are performing address translation, in addition to increasing the
size of the connection table, you will also need to increase the number
of entries allowed in the NAT table.

You may also need to increase the amount of kernel memory dedicated to
FireWall-1 to compensate for the extra connections.  Each connection
takes 60 bytes of memory.  If a connection requires NAT, an additional
120 bytes are needed.  If a connection is logged in accounting mode, an
extra 72 bytes are needed.  All this is in addition to a "base" amount
of memory (somewhere between 500k and 3 megs) that FireWall-1 will need
to manipulate the state tables, perform logging functions, etc.

HTH,

Mark L. Decker
Rainfinity
[email protected]
www.rainfinity.com> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On
> Behalf Of
> Claudio Mora
> Sent: Wednesday, April 11, 2001 1:42 PM
> To: Fw-1-Mailinglist (E-mail)
> Cc: Fw-1-Mailinglist (E-mail)
> Subject: [FW1] Limit of connections
>
> I have a Solaris 2.6 Ultra-5 firewall SP8 configured to
> support up to 50,000
> connections. Under undetermine circumstances the firewall
> sends the following
> message
> fw_xlate_set_tables: ld_set_wto to fwx_forw_tab failed
> fw_init_xlation_tables: fw_xlate_set_tables failed
> FW-1: fw_xlate_forw: failed to initialize the connection
>
> This slows down the machine and the only way to get rid of
> this is rebooting the
> firewall machine.
> I already increased the limit from 25,000 to 50,000 but it
> did not helped.
>
> What should I do to solve this problem?
>
> Thanks in advance,
> -Claudio
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Limit of connections
  - From: "Claudio Mora" <[email protected]>

Prev by Date: [FW1] RADIUS ACCOUNTING
Next by Date: Re: [FW1] Connection timeouts on Nokia IP boxes.
Previous by thread: [FW1] Limit of connections
Next by thread: FW: [FW1] Limit of connections
Index(es):
- Date
- Thread