Cem,

Is what you are saying that NONE of the explicit rules are being matched except the last one?
So your log file has no Accepts in it at all and no Drops in it other than the cleanup "last" rule? Do you see any Rule 0 drops or accepts? Can you SSH or HTTPS to the module? And after you CPrestart.... still the same symptoms? How long? How many current connections?

fw tab -t connections -s

"Sandwich" that firewall between two sniffers while running fw monitor on the module to see what you get...

You can try to delete the firewall object and recreate it. If not, heck, reSplat. It only takes 15 minutes.

-fwguru

On 4/14/05, Christian Chiaverini <[EMAIL PROTECTED]> wrote:
> Did the symptoms go away after the restart?
>
> If not then it looks like time to do an fw mon or tcpdump.
>
> Christian
>
> > -----Original Message-----
> > From: Mailing list for discussion of Firewall-1
> > [mailto:[EMAIL PROTECTED] On Behalf Of Cem Akbas
> > Sent: Thursday, April 14, 2005 11:59 AM
> > To: [email protected]
> > Subject: Re: [FW-1] Need Help
> >
> > Hi Christian,
> >
> > It is already included. It is where I follow the dropped
> > connections and understand that it is dropped by the last rule...
> >
> > On 4/14/05, Christian Chiaverini <[EMAIL PROTECTED]> wrote:
> > > Is the logfile stating the drop is from the last rule? If not, can
> > > you include it?
> > >
> > > Christian
> > >
> > > > -----Original Message-----
> > > > From: Mailing list for discussion of Firewall-1
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of Cem Akbas
> > > > Sent: Thursday, April 14, 2005 10:41 AM
> > > > To: [email protected]
> > > > Subject: Re: [FW-1] Need Help
> > > >
> > > > Hi,
> > > >
> > > > For example :
> > > > My 2nd rule is :
> > > > Source:ANY Dest:1.11.x.x Serv:HTTP Act : ACCEPT
> > > > .
> > > > .
> > > > .
> > > > And the last rule is
> > > > source any Dest any Serv Any Act :drop
> > > >
> > > > Someone try to connect my 1.11.x.x server from http but my firewall
> > > > passes the 2nd rule and drops this connection from the last rule.
> > > >
> > > > I think it is because of memory leak. When I look from " fw ctl
> > > > pstat " :
> > > >
> > > > Total memory bytes used: 64683000 unused: 6620168 (9.28%) peak: 64982960
> > > > Total memory blocks used: 16362 unused: 1028 (5%) peak: 16363
> > > >
> > > > and then it begins to cut connections.
> > > >
> > > > After I restart CP it becomes %54 unused memory....
> > > >
> > > > Any idea? Thanks in advance...
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
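
Added example, not part of the original thread: a small shell/awk parser for the two "Total memory" lines of fw ctl pstat quoted above, so the unused-memory percentage can be recorded and compared before and after a restart. The function names, the SAMPLE variable and the threshold argument are assumptions made for this illustration; only the line format is taken from the thread.

```shell
#!/bin/sh
# Constructed sample: the two pstat lines quoted in the thread, one per line.
SAMPLE='Total memory bytes used: 64683000 unused: 6620168 (9.28%) peak: 64982960
Total memory blocks used: 16362 unused: 1028 (5%) peak: 16363'

# pstat_unused (hypothetical helper): read `fw ctl pstat` text on stdin and
# print "<kind> <used> <unused> <percent unused>" for each memory line.
pstat_unused() {
    awk '
    /Total memory (bytes|blocks) +used:/ {
        kind = $3; used = ""; unused = ""
        # Locate values by their labels instead of by fixed column positions.
        for (i = 1; i < NF; i++) {
            if ($i == "used:")   used = $(i + 1)
            if ($i == "unused:") unused = $(i + 1)
        }
        # Skip lines that are truncated or would divide by zero.
        if (used == "" || unused == "" || used + unused == 0) next
        printf "%s %d %d %.2f\n", kind, used, unused, 100 * unused / (used + unused)
    }'
}

# pstat_check (hypothetical helper): $1 is the minimum acceptable percentage
# of unused bytes (an assumed threshold, pick one from your own baseline).
# Exit status: 0 = at or above threshold, 1 = below, 2 = no memory line found.
pstat_check() {
    pstat_unused | awk -v min="$1" '
        $1 == "bytes" {
            seen = 1
            if ($4 + 0 < min + 0) {
                low = 1
                print "LOW: " $4 "% unused (" $3 " bytes free)"
            }
        }
        END { if (!seen) exit 2; exit low ? 1 : 0 }'
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | pstat_unused
```

On the module itself the input would come from fw ctl pstat piped into pstat_check, run periodically so the trend toward exhaustion is visible in the log before connections start being cut.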
