[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Slow policy install on IP120
I've noticed that since switching to NG loading policy has slowed down quite a bit. Also the IP530 that is used for user access will hang up if policy is loaded during peak times. The only way to recover is a power reset - you can not even console into it. VJ -----Original Message----- From: Lars Troen [mailto:[email protected]] Sent: Wednesday, November 05, 2003 3:26 AM To: [email protected] Subject: Re: [FW-1] Slow policy install on IP120 Will, It doesn't seem to matter if dns is enabled or not. It's just as slow after having disabled dns resolving. Also, I can't remember this being this slow on FP3(?). Lars -----Original Message----- From: Will Zegeer [mailto:[email protected]] Sent: 5. november 2003 04:28 To: [email protected] Subject: Re: [FW-1] Slow policy install on IP120 Is DNS enabled on this firewall? If so, disable it unless it is absolutely needed. By the way, it is not unusual in my experience for the IP120s to take a while for the policy to install...I think due to the 128 MB of RAM....less than realistic for any flavor of NG. -Will > -----Original Message----- > From: Lars Troen [mailto:[email protected]] > Sent: Tuesday, November 04, 2003 1:43 PM > To: [email protected] > Subject: [FW-1] Slow policy install on IP120 > > > Hi! > IP120 with NGAI takes several minutes to install even a simple policy. > The firewall objects name is the same as the host name. I'm > able to ping > this name (resolves to the licensed (external) ip) from the command > prompt very well. > > If I try to install with debug info from the command line I > get quite a > lot of these messages: > > [FWM 2213]@our-fw > ******************************************************* > [FWM 2213]@our-fw CallToPingPeer TargetName = our-fw session = 72ec80 > [FWM 2213]@our-fw > ******************************************************* > [FWM 2213]@our-fw PingPeerCB TargetName = our-fw session = 72ec80 > [FWM 2213]@our-fw PingPeerCB: PING_PEER_STAT_TIMEOUT - make > retry Retry > number = 3 max retry = 60 > [FWM 2213]@our-fw > ******************************************************* > [FWM 2213]@our-fw CallToPingPeer TargetName = our-fw session = 72ec80 > [FWM 2213]@our-fw > ******************************************************* > [FWM 2213]@our-fw PingPeerCB TargetName = our-fw session = 72ec80 > [FWM 2213]@our-fw PingPeerCB: PING_PEER_STAT_TIMEOUT - make > retry Retry > number = 4 max retry = 60 > [FWM 2213]@our-fw > ******************************************************* > [FWM 2213]@our-fw CallToPingPeer TargetName = our-fw session = 72ec80 > [FWM 2213]@our-fw > ******************************************************* > [FWM 2213]@our-fw PingPeerCB TargetName = our-fw session = 72ec80 > [FWM 2213]@our-fw PingPeerCB: PING_PEER_STAT_TIMEOUT - make > retry Retry > number = 5 max retry = 60 > > So it seems that it tries in some or the other way to ping (?) the > firewall object name but times out. > > Others experienced this? > > Lars > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|