hi there .. Hope this is SK article may be of some help to u.. sk19308..just typing u for u r refrence .. Error messages in var/adm/messages file off cluster members under heavy load Error: "vpnconn_get_entry_type:fwconn_chain_get_type failed" Error: "fwconn_pending_intercept: ld_get(conn_relations) failed" Error: "fwconn_chain_lookup: fwconn_pending_intercept failed" Error: "fw_conn_inspect: fwconn_chain_lookup failed"
Some FTP Data Connections are dropped under heavy load. Solution This issue is currently under investigation. Suggested workaround: On your VPN-1/Firewall-1 management server: 1. Execute 'cpstop' and close all open GUI's 2. Go to $FWDIR/conf/objects_5_0.C file and search for the following attribute (under <cluster-member> object): :use_limited_flushnack (false) 3. Change its value from 'false' to 'true' and save the file. 4. Execute 'cpstart' and install the policy. Verify that the change was indeed implemented on the modules by going to their $FWDIR/database/objects.C file, search for both <cluster-member 1> and <cluster-member 2> objects and verify that the value of their 'use_limited_flushnack' attribute is set to 'true'. NOTE: When ':use_limited_flushnack' is set to 'false' - no connection will be "flush and ack"ed. When ':use_limited_flushnack' is set to 'true' - Until NG FP3 only VPN connections, static NAT connections and data connections will be "flush and ack". >From NG w/Application Intelligence (R54) all connections will be "flush and ack" and it is possible to control this feature using the checkbox of "support non-sticky connections" in the third party tab of the cluster object in the Smart Dashboard. ###########Hope this helps please let us know the output############### Regards Vj --- "Joshi, Umesh" <[EMAIL PROTECTED]> wrote: > By lots, you probably mean in the hundreds per > second, right? > Check your firewall logs and look for internal > sources making multiple > requests to rpc-mapper on sequentially numbered > destinations. > > > -----Original Message----- > From: Sibastien Cantos > [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 15, 2004 8:34 AM > To: [EMAIL PROTECTED] > Subject: [FW-1] Strange log error > > > Hello, > > I get lots of messages in my /var/log/messages : > > fwx_xlate_method: fwxlate.c STATIC port xlation on > ip protocol udp > (-122203536) > fwconn_pending_intercept: ld_set_wto(conn_nsons) > failed > fwconn_pending_intercept: ld_set_wto(conn_nsons) > failed > fwconn_pending_intercept: ld_set_wto(conn_nsons) > failed > ..... > > > I'm using FW1 NG3 on linux RedHat with cluster XL. > How can i correct this ? > > Thanks a lot for your answers. > > Regards, > > -- > S�bastien Cantos <[EMAIL PROTECTED]> > Responsable R�seau Neopost DIVA > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= __________________________________ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
