This has been a common problem seen many times before but hopefully at R55 level, you will not get it. The current limit 256 with 80 CMA's is low indeed. There should be no problems setting up fd limit to 1024 and it should not blow away your box (even though CP should take guarantee for that having recommended you this step!) Rajeev Gupta
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of cisco4ng Sent: Monday, February 28, 2005 9:15 AM To: [email protected] Subject: [FW-1] Error in Provider-1 NG Feature Pack 3 with HFA 325 All, I am running Provider-1 NG Feature Pack 3 with HFA325 on solaris 9. This provider-1 has about 80 CMA (Customer Management Addon) on it. For the past two weeks, I am getting a lot of errors like this one below when pushing policy from the CMA to the Enforcement module: failed to open "object_5.0.C" too many open files failed to get network_ojbects from conf obj failed to downgrade SR community Downgrade objects_5.0.C to object.C ..failed aborting I've been told that this is a "leak" issue in solaris because the file "descriptors" in solaris is set too slow. By using the "limit" commands, I see the file descriptors is set to 256. Checkpoint recommended that I put the following parameters in the /etc/system file: set rlim_fd_cur = 1024 set rlim_fd_max = 1024 and REBOOT the box after that... Has anyone run into this situation before? If I make these chages, will it blow up my sun box? I've tested it in the lab environment and everything seems to be ok but lab is completely different than production. Please advise. Thanks. --------------------------------- Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
