[FW-1] fwx_backw reaching 25000
Hello.

We are running CKPfw 4.0 build 4303 on Solaris 7. Recently, we have noticed many syslog messages of:

    Nov 29 14:48:02 nsmmfw02 unix: FW-1: fw_init_xlation_tables: fw_xlate_set_tables failed
    Nov 29 14:48:02 nsmmfw02 unix: FW-1: fw_xlate_forw: failed to initialize the connection

After doing some research, it is apparent that we are reaching our fwx_backw NAT limit:

    # ./fw tab -t fwx_forw -t fwx_backw -t connections -s
    HOST       NAME         ID    #VALS
    localhost  fwx_forw     8189  2674
    localhost  fwx_backw    8188  24870
    localhost  connections  18    2740

I have read on how to increase this value, but I have a few questions before I do so:

1. Should I be concerned that fwx_forw and fwx_backw are significantly different values?

2. What would account for the discrepancy?

3. Could this be caused by an internal portscan? A service that is attempting to be NATed (snmp, GRE) that shouldn't be (I did a cursory check for this)? We don't have an IDS installed on the firewall, but if something like snort would help, I would definitely install it soon.

4. What exactly do fwx_forw and fwx_backw mean? I was thinking it was the number of packets that required forward and reverse NAT, respectively.

5. Any other suspect network traffic I should look for?

Thanks in advance for your help! I am by no means very experienced with Checkpoint, but was unfortunately unable to resolve this by checking Phoneboy and some other Deja searches.

Kind regards,
Brandon Hutchinson
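The check the post does by hand (comparing the `fw tab -s` counts against the limit and matching the syslog error) can be scripted. This is an added example, not part of the original message or of FireWall-1. The function names, the 90% warning threshold, and applying the subject line's 25000 figure to every fwx_* table are assumptions.

```shell
#!/bin/sh
# Added example: flag FW-1 NAT tables that are close to a limit.
# On Solaris, /usr/bin/awk has no -v option; use nawk there instead.

# Reads `fw tab ... -s` output on stdin and prints
# "table vals pct status" for each fwx_* table.
# $1 = limit (assumed 25000, from the subject line), $2 = warn percent.
nat_table_usage() {
    limit=${1:-25000}
    warn_pct=${2:-90}
    awk -v limit="$limit" -v warn="$warn_pct" '
        # Data rows have four fields: host, table name, id, #VALS.
        NF == 4 && $2 ~ /^fwx_/ && $4 ~ /^[0-9]+$/ {
            pct = int($4 * 100 / limit)
            status = (pct >= warn) ? "WARN" : "OK"
            print $2, $4, pct, status
        }'
}

# Reads syslog lines on stdin and prints how many of them report
# the NAT table failure quoted in the post.
count_xlate_failures() {
    grep -c 'FW-1: fw_init_xlation_tables: fw_xlate_set_tables failed' || true
}

# Sample input copied from the post above.
sample_tab_output() {
    cat <<'EOF'
HOST NAME ID #VALS
localhost fwx_forw 8189 2674
localhost fwx_backw 8188 24870
localhost connections 18 2740
EOF
}

sample_syslog() {
    cat <<'EOF'
Nov 29 14:48:02 nsmmfw02 unix: FW-1: fw_init_xlation_tables: fw_xlate_set_tables failed
Nov 29 14:48:02 nsmmfw02 unix: FW-1: fw_xlate_forw: failed to initialize the connection
EOF
}

# Demo run on the sample input.
sample_tab_output | nat_table_usage 25000 90
echo "xlate table failures: `sample_syslog | count_xlate_failures`"
```

On a live firewall, pipe the real `fw tab` output and the system log into the two functions from cron, so the warning arrives before connections start failing.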