I'm using NG FP3 so this doesn't apply to me. There's no :use_limited_flushnack in my objects_5_0.C .
-- S�bastien Cantos <[EMAIL PROTECTED]> Responsable R�seau Neopost DIVA > -----Message d'origine----- > De : Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] De la > part de Vijay > Envoy� : vendredi 16 janvier 2004 06:43 > � : [EMAIL PROTECTED] > Objet : Re: [FW-1] Strange log error > > hi there .. > Hope this is SK article may be of some help to u.. > sk19308..just typing u for u r refrence .. > Error messages in var/adm/messages file off cluster > members under heavy load > Error: "vpnconn_get_entry_type:fwconn_chain_get_type > failed" > Error: "fwconn_pending_intercept: > ld_get(conn_relations) failed" > Error: "fwconn_chain_lookup: fwconn_pending_intercept > failed" > Error: "fw_conn_inspect: fwconn_chain_lookup failed" > > Some FTP Data Connections are dropped under heavy > load. > > > Solution > > This issue is currently under investigation. > > Suggested workaround: > > On your VPN-1/Firewall-1 management server: > > 1. Execute 'cpstop' and close all open GUI's > > 2. Go to $FWDIR/conf/objects_5_0.C file and search for > the following attribute (under <cluster-member> > object): > > :use_limited_flushnack (false) > > 3. Change its value from 'false' to 'true' and save > the file. > > 4. Execute 'cpstart' and install the policy. > > Verify that the change was indeed implemented on the > modules by going to their $FWDIR/database/objects.C > file, search for both <cluster-member 1> and > <cluster-member 2> objects and verify that the value > of their 'use_limited_flushnack' attribute is set to > 'true'. > > NOTE: > When ':use_limited_flushnack' is set to 'false' - no > connection will be "flush and ack"ed. > When ':use_limited_flushnack' is set to 'true' - Until > NG FP3 only VPN connections, static NAT connections > and data connections will be "flush and ack". > From NG w/Application Intelligence (R54) all > connections will be "flush and ack" and it is possible > to control this feature using the checkbox of "support > non-sticky connections" in the third party tab of the > cluster object in the Smart Dashboard. > ###########Hope this helps please let us know the > output############### > Regards > Vj > > --- "Joshi, Umesh" <[EMAIL PROTECTED]> wrote: > > By lots, you probably mean in the hundreds per > > second, right? > > Check your firewall logs and look for internal > > sources making multiple > > requests to rpc-mapper on sequentially numbered > > destinations. > > > > > > -----Original Message----- > > From: Sibastien Cantos > > [mailto:[EMAIL PROTECTED] > > Sent: Thursday, January 15, 2004 8:34 AM > > To: [EMAIL PROTECTED] > > Subject: [FW-1] Strange log error > > > > > > Hello, > > > > I get lots of messages in my /var/log/messages : > > > > fwx_xlate_method: fwxlate.c STATIC port xlation on > > ip protocol udp > > (-122203536) > > fwconn_pending_intercept: ld_set_wto(conn_nsons) > > failed > > fwconn_pending_intercept: ld_set_wto(conn_nsons) > > failed > > fwconn_pending_intercept: ld_set_wto(conn_nsons) > > failed > > ..... > > > > > > I'm using FW1 NG3 on linux RedHat with cluster XL. > > How can i correct this ? > > > > Thanks a lot for your answers. > > > > Regards, > > > > -- > > Sibastien Cantos <[EMAIL PROTECTED]> > > Responsable Riseau Neopost DIVA > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > __________________________________ > Do you Yahoo!? > Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes > http://hotjobs.sweepstakes.yahoo.com/signingbonus > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
