Is your standalone Windows 2003 server then managing the nokia fw's? The command should not cause any stress on the firewall - please run it as suggested during a minute's period when you are expecting the message.
Rajeev On 4/13/05, Quick, Richard A. <[EMAIL PROTECTED]> wrote: > > Sorry, let me clarify something. The problem where I see this is a > Windows 2003 server standalone. I also have Nokia firewalls. Will this > put a strain on the nokia's? > > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf Of Quick, > Richard A. > Sent: Wednesday, April 13, 2005 8:06 AM > To: [email protected] > Subject: Re: [FW-1] FW1: FW-1: fw_conn_inspect: fwconn_chain_lookup > failed > > Is this debug something that can be run during production hours? Will > it put a strain on my Nokia? > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf Of Rajeev > Gupta > Sent: Tuesday, April 12, 2005 5:42 PM > To: [email protected] > Subject: Re: [FW-1] FW1: FW-1: fw_conn_inspect: fwconn_chain_lookup > failed > > Are you seeing actual traffic issues? This might be a harmless message > in > case your firewall is under heavy load - there is sk26050 to look at for > the > solutions that can be attempted but in case you really have traffic > drops, > it may be worthwhile to debug at the kernel level, run fw monitor and > find > out the packets origin that may be failing to find a matching entry in > the > connections table and generating these messages. In R55, you can run the > > following command to do kernel level debug of your traffic: > > fw ctl zdebug + conn link drop > <filename> > > Do ctrl+c to terminate the debug after you have seen these this message. > (so > do the debug when almost 14 and a half minutes have passed and you are > expecting a message so that the file does not grow too big but at the > same > time is able to capture the interested traffic). Look through the file > to > decipher your IP addresses throwing this message and find the reason why > > that particular packet is not finding the match in the entry - you might > not > be allowing that traffic or there is some possibility of > corrupted/malformed > packet? > > hth, > > Rajeev > > On 4/12/05, Quick, Richard A. <[EMAIL PROTECTED]> wrote: > > > > I have an NG AI R55 HFA13 standalone firewall running on Windows 2003 > > where I'm seeing the message below. The message repeats itself every > 15 > > minutes. Does anyone know what issue might cause this? I found > > information regarding different versions but not NG AI R55. > > > > FW1: FW-1: fw_conn_inspect: fwconn_chain_lookup failed > > > > Thanks, > > Rick > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
