
Re: [FW-1] slow network connection to slave firewall



Aaron,

I was going to say basically the same thing.  Check your reverse lookups on
the network; it sounds like it could be a DNS/lookup problem.

The other thing to look at is a failing hard drive.  This would account for
the slow ls commands.  If the drive is having trouble reading a portion of
it but is then able to read it, you won't get a failed drive message.
If it is possible to run a linear verify test, do that.

-Michael


-----Original Message-----
From: jimbo [mailto:[email protected]]
Sent: Monday, December 30, 2002 5:30 PM
To: [email protected]
Subject: Re: [FW-1] slow network connection to slave firewall
Importance: High

Have you got DNS defined on the Nokia? Turn it off!
If IPs are inserted into the DNS entries on newer IPSOs but can't do
lookups, you get hangups like this; I've seen it a few times...

jp



-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of <Aaron
Reynolds>
Sent: 30 December 2002 23:27
To: [email protected]
Subject: [FW-1] slow network connection to slave firewall


This has happened twice now, that I have noticed.  Once on Dec 18, for about
2 hours, and once today (Dec. 30) for about 1-2 hours.  The problem is as
follows:

IPSO 3.5 FCS8 / 4.1 SP6 (HA pair)

Policy pushing and fetching fail on the secondary, but work on primary.
User database updates fail, but work on primary.  However, FW1 logging to
management console seems to continue through the problem. ssh connections
take up to 2 minutes for a password prompt to come back, and then once
authentication is entered, sometimes time out, never getting a prompt.  Once
logged into the box, things are very slow.  "ls" commands will hang for a
few seconds, sometimes you wait for typing, as if on a serial connection.
Here is the strange thing.  I see no collisions on the firewall or next hop
switch on our LAN. Load is about 2% on the firewall.  There is next to no
traffic. Meanwhile, my primary firewall is working fine, taking all the
load.  ssh connections are quick, getting immediate responses.  This rules
out a problem with a router/switch on our LAN.  It seems to be either the
firewall, or the next hop switch inside the firewall. I tried rebooting the
firewall as a last resort, and it didn't fix anything.  Then, in both cases
it will just start working again without me doing anything.  Any help is
greatly appreciated.  Let me know if you need more info.  Thanks.

-Aaron

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
