Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] fwx_xlate_method, fwx_start_xlation in /var/adm/messages

To: [email protected]
Subject: [FW1] fwx_xlate_method, fwx_start_xlation in /var/adm/messages
From: Robert Carr <[email protected]>
Date: Sun, 7 Jan 2001 19:49:35 -0800 (PST)
Sender: [email protected]

Recently I begun to notice error msgs in
/var/adm/messages on my FW-1 v4.1 SP2 machine:

Nov  2 08:10:20  unix: FW-1: fwx_xlate_method: unknown
method
0x810c0a07
Nov  2 08:10:20  unix: FW-1: fwx_start_xlation: failed
to
initialize the connection
Nov  2 08:10:20  unix: FW-1:
fwx_anticipate_server_side: failed to
initialize the connection
Nov  2 08:10:20  unix: FW-1: fw_xlate_anticipate:
fwx_anticipate_server_side failed
Nov  3 00:27:48  unix: FW-1: fwx_xlate_method: unknown
method
0xd984207
Nov  3 00:27:48  unix: FW-1: fwx_start_xlation: failed
to
initialize the connection
Nov  3 00:27:48  unix: FW-1:
fwx_anticipate_server_side: failed to
initialize the connection
Nov  3 00:27:48  unix: FW-1: fw_xlate_anticipate:
fwx_anticipate_server_side failed


This appears to be different from a problem with error
msgs mentioning fw_init_xlation and fw_xlate_forw
(http://msgs.securepoint.com/cgi-bin/get/fw1-9903/738.html)
previously discussed on this list and at Phoneboy.

Any ideas as to what this means, what could be causing
it and how to address it?  Although the fw gets very
little traffic now, I haven't noticed any ill effects.

I have the following relevant stats:

======================================================

# ./fw ctl pstat
Hash kernel memory (hmem) statistics:
  Total memory allocated: 16777216 bytes in 4095 4KB
blocks using 1 pool
  Total memory bytes  used:    94472   unused:
16682744 (99%)   peak:
109372
  Total memory blocks used:       37   unused:    
4058 (99%)
  Allocations: 133867 alloc, 0 failed alloc, 131755
free
System kernel memory (kmem) statistics:
  System physical memory: 255868928 bytes
  Available physical memory: 186449920 bytes
  Total memory bytes  used: 17796850   peak: 17811414
  Allocations: 2560 alloc, 0 failed alloc, 2181 free,
0 failed free
Inspct: 13152 packets, 3343338 operations, 116943
lookups, 7024 record,
965922 extract
Cookies: 238887 total, 0 alloc, 0 free, 0 dup, 449899
get, 223165 put,
1111567 len, 0 chain alloc, 0 chain free
Fragments: 0 fragments, 0 packets, 0 expired, 0 short,
0 large, 0
duplicates, 0 failures
Encryption: 0 encryption, 0 decryption, 0 short, 0
failures
Translation: 55524/116811 forw, 61066/123929 bckw,
116382 tcpudp, 208 icmp,
1557-2419 alloc

# ./fw tab -u -t xlate_forw | wc -l
Table xlate_forw not loaded

# ./fw tab -u -t connections
localhost:
-------- connections --------
attributes: refresh, sync, expires 60, free function4, kbuf 1,
implies 21, hashsize 65536, limit 50000

<0a80033c, 00004bd2, 0a80001e, 00000016, 00000006;
00000000, 00004001,
01ffff20; 3599/3600>
<ac140016, 00000932, 0a800f4f, 00000dca, 00000006;
701172ec, 00004004,
0201d020; 3109/3600>
<ac140016, 0000095c, 0a800f4f, 00000dca, 00000006;
70116f6c, 00004004,
0201d020; 3551/3600>
<ac140016, 00000884, c0a80186, 00000d81, 00000006;
7011743c, 00004004,
0201d020; 3486/3600>
<0a80001e, 00008000, 0a800027, 00000101, 00000006;
00000000, 00004001,
ff010600; 3551/3600>

This fw is not in production yet, so it has almost no
connections.

# ./fw tab -t connections -s 
HOST                  NAME                          ID
 #VALS
localhost             connections                   22
     8

# ./fw tab -t fwx_forw -s 
HOST                  NAME                          ID
 #VALS
localhost             fwx_forw                    8189
    12

# ./fw tab -t fwx_backw -s
HOST                  NAME                          ID
 #VALS
localhost             fwx_backw                   8188
    12


/etc/system has been modified to contain:

>>
* Increase File descriptor limits: 1024 default, >4096
sugg
* (rlim_fd_max should be at least 2x
tcp_conn_req_max_q)
set rlim_fd_max=16384
set rlim_fd_cur=256

* enable advanced memory paging technique
set priority_paging=1
set tcp:tcp_conn_hash_size=16384

* For Checkpoint FW-1 optimization

* Increase memory allocated for concurrent
* VPN sessions from 3 Mb to 16 Mb.
set fw:fwhmem = 0x1000000
<<


in $FWDIR/lib/table.def, I have changed limit to 50000
(from 25000) and hashsize to 65536 (from 32768)

in $FWDIR/conf/objects.C, my nat_limit is still 25000
and my nat_hashsize is still 16384.


Any suggestions would be greatly appreciated.


__________________________________________________
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] what is the port number for exceed program?
Next by Date: [FW1] Rule 0 problem when trying to use new subnet
Previous by thread: [FW1] what is the port number for exceed program?
Next by thread: [FW1] Rule 0 problem when trying to use new subnet
Index(es):
- Date
- Thread