[Date Prev][Date Next][Thread Prev][Thread Next][Thread Index]

[fw1-gurus] Exceeding NAT Translations

Subject: [fw1-gurus] Exceeding NAT Translations
From: "Jones, Derek A." <DAJones@xxxxxxxx>
To: <fw1-gurus@xxxxxxxxxxxxxxxxxx>
Date: Sat, 27 Dec 2003 21:04:37 -0600

To all,

Here is the problem, we have resetly migrated from 4.1 FP3 to NG-AI

After migrating we continue to see an inconsistency between the number
of connections and the number of entries in the fwx_alloc database

Fw tab -t connections -s
Produces:   4000 current and 10000 max


Fw tab -t fwx_alloc -s
Produces:   75000 current and 75000 max


As some can tell, we have increased the maximum number of NAT
Translation in the fwx_alloc table to 75000

The table fills up about ever 36 hours

We have also tried removing extra packages in IPSO


Hardware:    Nokia 710
OS:		 IPSO 3.7 Build 29
Checkpoint:  Checkpoint NG-AI
VRRP Clustered Active-Passive


We figure this is a problem associated with upgrading and a difference
between CP 4.1 and NG-AI

Also our thought are that the entries in the table more point to the
problem

Has anyone had a problem like this?
How did you fix it?

If not, is there any kind of tools to decipher the fwx_alloc table?

---------------------------------------------------------------------
FireWall-1 Gurus Mailing List (http://www.phoneboy.com/gurus)
To unsubscribe, mailto:fw1-gurus-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, mailto:fw1-gurus-help@xxxxxxxxxxxxxxxxxx

Follow-Ups:
- RE: [fw1-gurus] Exceeding NAT Translations
  - From: Jason Prost

Prev by Date: Re: [fw1-gurus] R55 individual packages
Next by Date: RE: [fw1-gurus] Exceeding NAT Translations
Previous by thread: [fw1-gurus] Local Mode - Demo Mode - Offline browsing
Next by thread: RE: [fw1-gurus] Exceeding NAT Translations
Index(es):
- Date
- Thread