[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Nokia IP440 "kernel: ex_expire:" error msg and crash/ reboot when fwstop command issued.
- To: [email protected]
- Subject: Re: [FW-1] Nokia IP440 "kernel: ex_expire:" error msg and crash/ reboot when fwstop command issued.
- From: Alan Choyna <[email protected]>
- Date: Wed, 25 Sep 2002 16:09:13 -0400
- Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-Index: AcJkt9IW7yqci08/SYeixtGFFilZIwAAg8Kg
- Thread-Topic: Re: [FW-1] Nokia IP440 "kernel: ex_expire:" error msg and crash/ reboot when fwstop command issued.
No, just a stand alone IP440.
Just found this in the archives: https://www.firewall-1.org/2002-02/msg00489.html
Could bad flows affect network performance?
Our network performance returned to normal after the crash and reboot, so whatever had screwed up the FW was cleared up by the reboot.
I have rebooted the FW once since after installing the "internal host" patch which cleaned up the internal host miscounting, and thankfully the FW is still performing well.
We are getting our software subscriptions up to date now, so l can install IPSO 3.5 and FW1 4.1 SP6 to hopefully resolve this problem. Is this the most recent and stable of releases?
I would have thought the flows issue would have shown up much earlier (this FW has been active for 1 year now), if it were a bug, and it's very hard to imagine what could have screwed up during the reboot that caused the problem, and why it took 3 further reboots (the last one being the crash/reboot) to rectify it.
Thoughts anyone?
Alan.
-----Original Message-----
From: <Aaron Reynolds> [mailto:[email protected]]
Sent: Wednesday, September 25, 2002 11:56 AM
To: [email protected]
Subject: Re: [FW-1] Nokia IP440 "kernel: ex_expire:" error msg and
crash/ reboot when fwstop command issued.
Not likely. It just means that the flows table and firewall-1 state table
got out of sync. This could cause dropped packets, with error "No
established TCP packet", but should not degrade performance. You say that
you added a new firewall object. Are you running an HA pair?
-----Original Message-----
From: Alan Choyna [mailto:[email protected]]
Sent: Monday, September 23, 2002 11:21 PM
To: [email protected]
Subject: [FW-1] Nokia IP440 "kernel: ex_expire:" error msg and
crash/reboot when fwstop command issued.
Hey gurus,
We've an ip440 with ipso 3.3 and 4.1 SP3.
Last Thursday night after adding a new firewall object and the associated
rule, NAT, ARP and static info, I installed the policy and then rebooted the
FW via the voyager interface (I've had probs b4 with arp settings not taking
sometimes).
After the reboot performance had taken a big hit, especially file sharing
and web serving. I reinstalled the prior policy with no effect. Performance
has degraded markedly.
The last policy change b4 this was 2 months earlier, and the FW has been
rebooted a few times since then with no problem.
Then today while searching for the cause l found the following error
message:
"Sep 23 14:09:52 fw1001 [LOG_CRIT] kernel: ex_expire: c6e58a58 (data:
c6e58a2c) ld_del failed to ex_remove !"
Searching through the archives l see that this is caused by a bug in flows
fixed by installing SP5.
Can anyone confirm if this is so? Could this be the cause of my sudden
degraded performance?
Also l decided to do a fwstop/fwstart to see if this would clear some
tables, and maybe improve the fw performance. The moment l did the fwstop,
my ssh session froze. When l investigated the box l found it in the process
of rebooting. Very disturbing.
Though performance did improve somewhat, the reboot was very disturbing. Has
anyone else experienced this problem? Could the crash/reboot have been
related to the performance issues?
Thanks for any help or advice.
Al
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================