Re: [FW-1] NAT hide failure. no free port
You issue the following command on the CLI and check and see if your available allocated connections are used up. Check the limit (command below); if the amount of connections is close to full then that is more than likely what is causing your problem. If you are using the default number of connections (25,000) you can try and up the amount to 30-50k via the Dashboard. You can also issue the "fw tab -x fwx_alloc" command and clear the connections to see if they were just not timed out correctly. (I have run into this problem mostly because of the various virus infections on hosts that were NAT'ted to the firewall and the firewall did not seem to remove most of the connections; I have asked Checkpoint about this but their response was to upgrade to NG AI.)

[root@fw /]# fw tab -t fwx_alloc
localhost:
-------- fwx_alloc --------
dynamic, id 8187, attributes: keep, sync, limit 50000, hashsize 262144
<00000006, c7b586d4, 0000b58c, 0ac10c36>
<00000006, c7b586d4, 0000a67f, c7b5858c>
<00000006, c7b586d4, 0000b11f, c7b5858c>
<00000006, c7b586d4, 0000ae56, 0ac10c0a>
<00000006, c7b586d4, 00009203, 0ac1121b>
<00000006, c7b586d4, 000035cc, 4051af09>
<00000006, c7b586d4, 00009c48, 0ac10c44>
<00000006, c7b586d4, 0000ae38, 0ac10c55>
<00000006, c7b586d4, 0000a161, c7b58715>
<00000006, c7b586d4, 000092b1, 0ac111d0>
<00000006, c7b586d4, 00009d81, c7b58715>
<00000006, c7b586d4, 00009026, 0ac10c30>
<00000006, c7b586d4, 00007334, c7b58606>
<00000006, c7b586d4, 0000a53d, 0ac10c60>
<00000011, c7b586d4, 0000ab76, 0ac1ff25>
<00000001, c7b586d4, 000038d7, c7b586d3>
...(2011 More)

Chris C. Burton
Network Engineer
Walt Disney Internet Group: Network Services

-----Original Message-----
From: Michael Schwartzkopff [mailto:[email protected]]
Sent: Monday, September 29, 2003 1:31 AM
To: [email protected]
Subject: [FW-1] NAT hide failure. no free port

Hi,

we experience the following error on our firewall:

NAT hide failure, could not find free port

in the firewall logfiles and in the system logfiles:

fw_xlate_anticipation: fwx_anticipate_server_side failed
fwconn_pending_intercept: id_set_wto(conn_nsons) failed

Our System: NG FP2, distributed management and a cluster firewall.

Any ideas? Any help?

Thanks.

M. Schwartzkopff

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
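An added example, not part of the original thread and not Check Point tooling: a small Python parser for saved `fw tab -t fwx_alloc` output that performs the check the reply describes, comparing the number of allocated entries with the table limit. The function names, the 80% warning threshold and the interpretation of the entry columns are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the header and "More" line are from the message above,
# with the entry list shortened to four of its rows.
SAMPLE = """\
localhost:
-------- fwx_alloc --------
dynamic, id 8187, attributes: keep, sync, limit 50000, hashsize 262144
<00000006, c7b586d4, 0000b58c, 0ac10c36>
<00000006, c7b586d4, 0000a67f, c7b5858c>
<00000011, c7b586d4, 0000ab76, 0ac1ff25>
<00000001, c7b586d4, 000038d7, c7b586d3>
...(2011 More)
"""

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
ENTRY = re.compile(r"<([0-9a-f]{8}), ([0-9a-f]{8}), ([0-9a-f]{8}), ([0-9a-f]{8})>")
MORE = re.compile(r"\.\.\.\((\d+) More\)")

def hex_ip(h):
    """Render an 8-digit hex column as a dotted-quad IPv4 address."""
    n = int(h, 16)
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def summarize(text, warn_ratio=0.8):
    """Compare the number of fwx_alloc entries against the table limit."""
    limit_m = re.search(r"\blimit (\d+)", text)
    if limit_m is None:
        raise ValueError("no 'limit N' attribute found in the table header")
    limit = int(limit_m.group(1))
    rows = ENTRY.findall(text)
    more_m = MORE.search(text)
    # fw tab prints only the first rows; the remainder is reported as "(N More)".
    used = len(rows) + (int(more_m.group(1)) if more_m else 0)
    # Assumed column meaning: [0] IP protocol, [1] hide address, [3] a peer address.
    protos = Counter(PROTO.get(int(r[0], 16), str(int(r[0], 16))) for r in rows)
    return {
        "limit": limit,
        "used": used,
        "ratio": used / limit,
        "near_limit": used / limit >= warn_ratio,
        "shown_by_proto": dict(protos),
        "shown_hide_ips": sorted({hex_ip(r[1]) for r in rows}),
        "shown_top_col4": Counter(hex_ip(r[3]) for r in rows).most_common(3),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The per-protocol and per-address breakdowns cover only the rows the command printed, so they are a sample of the table rather than a full count.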