[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Objects.c: Maximum size reach
Leymarie, I can't express me well, What I can say is that you can do a cleaning in _objects.c_ file not on the number of objects on firewall. You can do this cleaning editing objects.c file with notepad, and in ":netobj" section you can follow the example bellow: Origial object on objects.c file: : (test1 :color (black) :type (host) :host_schemes_val (115) :host_schemes_names ( : (SecurID) : ("S/Key") : (RADIUS) : (Defender) : (TACACS) ) :fgver (4.1) :comments () :location (external) :firewall (not-installed) :floodgate (not-installed) :third_party_encryption (false) :cluster_member (false) :management (false) :ipaddr (10.0.0.1) :fwver (4.1) ) Now you can strip down the objects "test1" and "test2" like this: : (test1 :type (host) :ipaddr (10.0.0.1) ) In this case you are able put more objects on database, and you will bypass the limitation of checkpoint (that point to me, some time ago) that are no problem... :| ). I hope that this work for you too. Best regards, Klaubert Herr --- LEYMARIE Gerard <[email protected]> wrote: > Of course, in a first time I cleaned up the > database, but I really need my > objects and more!!! > > Here the answers of chkpt support: > > Currently if your objects.c file grows close to or > exceeds 1mg, or you have > more than about 1000 or so objects, you will start > to see performance issues > and in extreme cases the Firewall may fail to > compile the policy. In order > to remedy the situation you will need to scale down > the objects.c file. You > can do this by not defining each individual > workstation unless it plays a > special role such as Email server, web server, or > databse. In Firewall > version 5.0 this issue should be addressed allowing > for a greater objects.c > file. > > My conclusion is: Checkpoint is wrong mhen they say > there is no limit for > objetcs.C > > In version 3.0 it was possible to modify the HEAP > parameter to provide more > memory available for the compilation daemon. But in > the 4.x version this > parameter has disapear. > > I think the daemon do a malloc of 1Mo and that's all > > > > > -----Original Message----- > From: Klaubert Herr da Silveira > [mailto:[email protected]] > Sent: Tuesday, October 10, 2000 3:39 PM > To: [email protected] > Subject: RE: [FW1] Objects.c: Maximum size reach > > > > I hit this problem some time ago, and I turn around > by > editing the objects.c file and do a clening on it. > I retire all that is not needed. > So I could put 2000 objects on firewall... > But you must take care on change the file, once is > sensitive. > > Klaubert Herr > > > All, > > I think I reached the maximum size of objects.C > (1Mo) > because when I add > something to my configuration, my management hang ( > it > doesn't compile, it > do anything), even if you wait for a long time. > Normally my compilation > takes less than 30 seconds. > When I remove some object ( until the size of the > file > is more than 1Mo), > the compilation works fine! > > Does anyone can help me with this problem? > > My environnement is FW-1 4.1SP2 uder NT4SP6a for the > management. > > Many thanks > > > __________________________________________________ > Do You Yahoo!? > Get Yahoo! Mail - Free email you can access from > anywhere! > http://mail.yahoo.com/ > > > ============================================================================ > ==== > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== __________________________________________________ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|