NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Objects.c: Maximum size reach


Interesting. I have approximately 23,000 objects defined in my objects.C (It is 15 MB in size) and it works just fine. I do need to the following to get things to work smoothly:

1. Specify fw_light_verify (true) (see Phoneboy FAQ),and,
2. Raise the fwd_conn_tout value (again see Phoneboy FAQ), and,
3. Be at SP7 (I'm Version 4.0)

The latter requirement is needed in order to get gen times of 30 seconds instead of 45 minutes. Load times are still in the range of 3 to 4 minutes.

Hope this helps.....


From: LEYMARIE Gerard <[email protected]>
To: Klaubert Herr da Silveira <[email protected]>, [email protected]
Subject: RE: [FW1] Objects.c: Maximum size reach
Date: Tue, 10 Oct 2000 16:30:25 +0200


Of course, in a first time I cleaned up the database, but I really need my
objects and more!!!

Here the answers of chkpt support:

Currently if your objects.c file grows close to or exceeds 1mg, or you have
more than about 1000 or so objects, you will start to see performance issues
and in extreme cases the Firewall may fail to compile the policy. In order
to remedy the situation you will need to scale down the objects.c file. You
can do this by not defining each individual workstation unless it plays a
special role such as Email server, web server, or databse. In Firewall
version 5.0 this issue should be addressed allowing for a greater objects.c
file.

My conclusion is: Checkpoint is wrong mhen they say there is no limit for
objetcs.C

In version 3.0 it was possible to modify the HEAP parameter to provide more
memory available for the compilation daemon. But in the 4.x version this
parameter has disapear.

I think the daemon do a malloc of 1Mo and that's all




-----Original Message-----
From: Klaubert Herr da Silveira [mailto:[email protected]]
Sent: Tuesday, October 10, 2000 3:39 PM
To: [email protected]
Subject: RE: [FW1] Objects.c: Maximum size reach



I hit this problem some time ago, and I turn around by
editing the objects.c file and do a clening on it.
I retire all that is not needed.
So I could put 2000 objects on firewall...
But you must take care on change the file, once is
sensitive.

Klaubert Herr


All,

I think I reached the maximum size of objects.C (1Mo)
because when I add
something to my configuration, my management hang ( it
doesn't compile, it
do anything), even if you wait for a long time.
Normally my compilation
takes less than 30 seconds.
When I remove some object ( until the size of the file
is more than 1Mo),
the compilation works fine!

Does anyone can help me with this problem?

My environnement is FW-1 4.1SP2 uder NT4SP6a for the
management.

Many thanks


__________________________________________________
Do You Yahoo!?
Get Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at http://profiles.msn.com.



================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================


  
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.