[FW-1] trouble with sync'd fw's, fw tab's don't match

["Donna O'Connell" <donna.m.oconnell@FW1-NOSPAMVERIZON.COM>]

Hello all,

I have two firewalls in a sync'd environment.  One is primary and one is
standby in an HA environment.  I think there is a problem (perhaps a bug?)
with the sync connections.  I am now at fw 4.1 sp5.  I did not see this
issue at fw4.1 sp3.

The fw tab connections on both firewalls always have a large discrepancy
that I can't figure out.  Here are a couple of examples.  I was wondering
is anyone else is seeing odd behavior with syncing at sp5.  I am also
wondering more about the behavior of syncing.  What tables get synced?
What causes entries to be removed from any of these three tables? I am
getting confused with this problem, and concerned about how stable it will
be in a failed over situation.  Any thoughts would be appreciated.
Thanks..  Donna

firewallPrimary:>fw tab -t connections -s
HOST                  NAME                          ID  #VALS
localhost             connections                   22   8424
firewallPrimary>fw tab -t fwx_backw -s
HOST                  NAME                          ID  #VALS
localhost             fwx_backw                   8188  13656
firewallPrimary>fw tab -t fwx_forw -s
HOST                  NAME                          ID  #VALS
localhost             fwx_forw                    8189   8840

firewallBackup:>.fw tab -t connections -s
HOST                  NAME                          ID  #VALS
localhost             connections                   22  16990
firewallBackup:>fw tab -t fwx_backw -s
HOST                  NAME                          ID  #VALS
localhost             fwx_backw                   8188  49889
firewallBackup:>fw tab -t fwx_forw -s
HOST                  NAME                          ID  #VALS
localhost             fwx_forw                    8189   4771


It was recommended to increase my hmem to 16 meg so I did that  but only on the backup so far and I still see a great difference.  I am also not sure
what t
hmem would have to do with the discrepancy.  I would think the hmem would cause problems if too low, but a discrepancy is not something I would think
hmem
would resolve.  Again, any thoughts would be appreciated.  thanks, Donna


firewallPrimary:>fw tab -t connections -s
HOST                  NAME                          ID  #VALS
localhost             connections                   22  10287
firewallPrimary:>fw tab -t fwx_backw -s
HOST                  NAME                          ID  #VALS
localhost             fwx_backw                   8188  14355
firewallPrimary:>fw tab -t fwx_forw -s
HOST                  NAME                          ID  #VALS
localhost             fwx_forw                    8189  10019

firewalBackup:>fw tab -t connections -s
HOST                  NAME                          ID  #VALS
localhost             connections                   22  18517
firewalBackup:>fw tab -t fwx_backw -s
HOST                  NAME                          ID  #VALS
localhost             fwx_backw                   8188   1006
firewallBackup:>fw tab -t fwx_forw -s
HOST                  NAME                          ID  #VALS
localhost             fwx_forw                    8189   1006

=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================