[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] TCP port connections
By default, CP firewall-1 has a limit of 25000 connections. That means that it can hold no more than 25K entries in it's connection table, either idle or active. You can increase the limit to 50000... Let me rephrase: you can increase the limit to whatever value you want, just keep in mind that each new connection eats some of the FW-1 kernel memory, and NATed connections eat more than regular connections. The default amount of memory assigned to FW-1 kernel on Solaris is about 3Mb, so you will probably need to increase this value as well. In any case, you might want to think about adding one more machine to the cluster. Check out the following articles (thanks to Phoneboy..): http://www.phoneboy.com/fw1/faq/0289.html http://www.phoneboy.com/fw1/faq/0088.html Use the following commands on your Firewalls: #fw ctl pstat - information about FW-1 kernel memory usage #fw tab -t connections -s --information about FW-1 state table. HTH TTFN, Michael -----Original Message----- From: Brian Noecker [mailto:[email protected]] Sent: Tuesday, December 12, 2000 6:23 PM To: [email protected] Subject: [FW1] TCP port connections Does anyone know how many TCP port connections a Checkpoint FW-1 SP2 box can handle? We're running two clustered Sun Sparc Ultra 5s with quad-cards in them and have a client wanting to us to host a machine that is expected to need 100,000 TCP ports simultaneously. For load balancing, we're also using Stonebeat FullCluster software. Is this more dependent on the hardware or the software or both? Thanks in advance. -Brian ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|