Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Betreff:[FW-1] Memory and FTP Issue about NG FP3

To: [email protected]
Subject: [FW-1] Betreff:[FW-1] Memory and FTP Issue about NG FP3
From: Kahlert Bernd <[email protected]>
Date: Fri, 25 Jul 2003 07:42:00 +0100
Envelope-id: [email protected]
In-reply-to: <[email protected]>
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi Tony,
please see CKP-Secureknowledgebase about your FTP error.
You have to edit the file $FW-DIR/lib/base.def
Edit the lines:
/* true if the port in tcp_services */
define KNOWN_SERVER_TCP_PORT(p) {
  (not is_version_at_least(FP2_VER), KNOWN_SERVER_TCP_PORT_BC(p))
   or
   (is_version_at_least(FP2_VER), call KFUNC_KNOWN_SERVER_PORT<p, PROTO_tcp>)
};

Change them to:
/* true if the port in tcp_services */
define KNOWN_SERVER_TCP_PORT(p){0};

Best regards
Bernd

XIONG,TONY (HP-China,ex1)  (25.07.03  03:05):
##Hello,
##
##I met very strange issues in a system which includes SVN and secure clients
##running on secure platform.
##One is memeory issue. The following is information from free command. Pls
##pay attention to the memory usage of dtps process, it's almost 2140M virtual
##memory and 450M physical memory. The system has run for one month. My 2G
##memory will run out.
##
### free
##             total       used       free     shared    buffers     cached
##Mem:076       5120          0      43064     127964
##-/+ buffers/cache:48
##Swap:068        176
##
### top
##  8:28am  up 47 days,  9:54,  1 user,  load average: 0.44, 0.45, 0.39
##89 processes: 87 sleeping, 2 running, 0 zombie, 0 stopped
##CPU0 states:  2.0% user, 21.0% system,  0.0% nice, 76.3% idle
##CPU1 states:  1.2% user, 22.1% system,  0.0% nice, 76.0% idle
##
##  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
##  836 root       9   0 2140M 450M  2724 S     0.0 22.4   2:51 dtps
## 1005 root       9   0  312M  68M  1236 S     0.0  3.3   2:36 fgd50
## 1014 root       9   0  312M  68M  1236 S     0.0  3.3   0:01 fgd50
## 1015 root       9   0  312M  68M  1236 S     0.0  3.3   0:00 fgd50
##  695 root       9   0 31304  25M  9632 S     0.0  1.2  14:05 fwm
##  743 root       8   0 31304  25M  9632 S     0.0  1.2   0:00 fwm
##  744 root       9   0 31304  25M  9632 S     0.0  1.2   0:00 fwm
##  745 root       9   0 31304  25M  9632 S     0.0  1.2   0:00 fwm
##  746 root       9   0 31304  25M  9632 S     0.0  1.2   0:00 fwm
##25318 root       9   0 31304  25M  9632 S     0.0  1.2   0:00 fwm
##  924 root       9   0 30552  20M  2796 S     0.1  1.0  16:09 netsod
##  967 root       9   0 30552  20M  2796 S     0.0  1.0   0:01 netsod
##  968 root       9   0 30552  20M  2796 S     0.0  1.0   0:00 netsod
## 4184 root       9   0 24716  17M  5900 S     0.0  0.8   2:39 cplmd
## 4187 root       8   0 24716  17M  5900 S     0.0  0.8   0:00 cplmd
## 4188 root       9   0 24716  17M  5900 S     0.0  0.8   0:00 cplmd
## 4189 root       9   0 24716  17M  5900 S     0.0  0.8   0:03 cplmd
##  584 root       9   0 19332  14M  7008 S     0.0  0.7  11:25 cpd
##
##Another issue is about ftp. I transfered file  from internel network to DMZ
##netowrk, after transfering several files, FW hung my connection. If I send
##one very big file, it's ok. Why doesn't cp let me transfer multiple files. I
##have changed several kinds of ftp softwares. I unchecked all items about ftp
##in smartdefense. But it's the same. Following is error information.
##Number:       429
##Date:         6Jun2003
##Time:         13:57:02
##Product:      VPN-1 & FireWall-1
##Interface:    eth3
##Origin:       hqfw1
##Type:         Log
##Action:       Reject
##Service:      ftp
##Source:       it04-lds
##Destination:  61.153.244.186
##Protocol:     tcp
##Source Port:  3064
##Information:  reason: tried to open a known service port,
##  protocol: tcp
##  port_svc: netshow
##
##
##Could someone help me resolve these issuesï¼? Thanks in advance.
##
##
##Best Regards,
##
## Tony
##
##
##
##=================================================
##To set vacation, Out-Of-Office, or away messages,
##send an email to [email protected]
##in the BODY of the email add:
##set fw-1-mailinglist nomail
##=================================================
##To unsubscribe from this mailing list,
##please see the instructions at
##http://www.checkpoint.com/services/mailing.html
##=================================================
##If you have any questions on how to change your
##subscription options, email
##[email protected]
##=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] Memory and FTP Issue about NG FP3
  - From: "XIONG,TONY (HP-China,ex1)" <[email protected]>

Prev by Date: [FW-1] Site-to-Site VPN issue
Next by Date: [FW-1] telnet problem between cluster members
Previous by thread: [FW-1] Memory and FTP Issue about NG FP3
Next by thread: Re: [FW-1] Memory and FTP Issue about NG FP3
Index(es):
- Date
- Thread