NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Virtual defragmentation error



The hotfix for Virt Defrag low on mbufs  issue
SHF_FW1_AI_0020

Reference nokia case 211325 if needed.

-Rob

At 11:17 PM 11/4/2003 -0700, [email protected] wrote:
I had to call Nokia to get it.  I had a case open for a few days, and wasn't
getting anywhere until I got a response from another mailing-list
subscriber.  I called Nokia and referenced his case# and got the fix the
next day.

-Aaron

-----Original Message-----
From: JOE CAMPOS [mailto:[email protected]]
Sent: Tuesday, November 04, 2003 10:45 PM
To: [email protected]
Subject: Re: [FW-1] Virtual defragmentation error


What mbufs fix is this? I haven't seen this fix?



Thanks,


----- Original Message -----
From: <[email protected]>
To: <[email protected]>
Sent: Monday, November 03, 2003 10:11 AM
Subject: Re: [FW-1] Virtual defragmentation error


> Run "fw ctl pstat" and look for failed fragments. If you have them, you > most likely need the mbufs hotfix. These only output to the console, not to > the fw1 logs. > > -Aaron > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: Monday, November 03, 2003 7:49 AM > To: [email protected] > Subject: [FW-1] Virtual defragmentation error > > Hi all, > > I'm running a VPN network with Check Point FW-1/VPN-1 on different > platforms. > Firewall-alpha: Nokia 530 IPSO 3.7 build 23 NG AI (Primary site) > Firewall-bravo: SecurePlatform 2. Edt. NG FP3 > Firewall-gamma: SecurePlatform NG AI > Firewall-omega: Nokia 120 IPSO 3.7 build 23 NG AI > > I'm starting to get a lot of these log entries in my fw-log: > Date: ##### > Time: ##### > Product: VPN-1 & FireWall-1 > Interface: eth0 > Origin: Firewall-bravo > Type: Log > Action: Drop > Protocol: 50 > Source: Firewall-alpha > Destination: Firewall-bravo > Information: message: Virtual defragmentation error: Timeout > ip_id: 62989 > ip_len: 0 > ip_offset: 0 > fragments_dropped: 2 > during_sec: 60 > > Where source always is Firewall-alpha but destination is the other three > firewall's. Destination and origin is always the same. > > I started looking in the mailing-list archive, phoneboy, Nokia, Check Point > KB and google. I found some useful articles but I'm still a little unsure. > > I've looked at Nokia res: 3370. I've set ipsec_don't_fragment ture (It's > true by default so I haven't changed it) But the article is about from one > server to another behind the firewall's, having MTU problem. > > My problem being with at firewall's them selves and the protocol is 50, my > eyes are turned to the MTU on the firewall's. > > I should add the when I ping -f -l 1473 server I get the message "Packet > needs to be fragmented but DF set." If I set the size to 1472 it's ok. Then > my attention is back on my server (res. 3370) and thus my confusion. > > I also found a fix mentioned SHF_FW1_AI_0020, but as I understood this is > for a problem with log entries like this "Virtual Defragmentation error: > low on mbufs . . ." and that's not my case. > > My question is where to edit my MTU size. Is it on my server or on my > firewall's or should I not change my MTU and look in a total different > place? > > > Any help would be appreciated. > > Best Regards, > > Ole Jakobsen > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > =================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Robert Geller, CCSA, CCSE Sportsline Network Operations 2200 West Cypress Creek Rd. Fort Lauderdale, Florida 33309

AIM: rg1454bb  ICQ: 451690
http://cbs.sportsline.com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.