No, it doesn't drop all connections, just some of the connections. We can say 50%. And these dropped connections are not service specific. I mean, not just for HTTP or another service.
No, I don't see any specific Rule 0 drops or accepts.
Yes, I can HTTPS and SSH to the machine.
After CPrestart it becomes OK, but after a while (it depends on traffic) the same symptoms occur.
fw tab -t con.. Vals ~ 41000

Thanks.

On 4/15/05, fwguru <[EMAIL PROTECTED]> wrote:
> Cem,
>
> Is what you are saying that NONE of the explicit rules are being
> matched except the last one?
>
> So your log file has no Accepts in it at all and no Drops in it other
> than the cleanup "last" rule?
>
> Do you see any Rule 0 drops or accepts?
>
> Can you SSH or HTTPS to the module?
>
> And after you CPrestart.... still the same symptoms? How long?
>
> How many current connections? fw tab -t connections -s
>
> "Sandwich" that firewall between two sniffers while running fw monitor
> on the module to see what you get...
>
> You can try to delete the firewall object and recreate it. If not,
> heck, reSplat. It only takes 15 minutes.
>
>
> -fwguru
>
>
> On 4/14/05, Christian Chiaverini <[EMAIL PROTECTED]> wrote:
> > Did the symptoms go away after the restart?
> >
> > If not then it looks like time to do an fw mon or tcpdump.
> >
> >
> > Christian
> >
> > > -----Original Message-----
> > > From: Mailing list for discussion of Firewall-1
> > > [mailto:[EMAIL PROTECTED] On Behalf
> > > Of Cem Akbas
> > > Sent: Thursday, April 14, 2005 11:59 AM
> > > To: [email protected]
> > > Subject: Re: [FW-1] Need Help
> > >
> > > Hi Christian,
> > >
> > > It is already included. It is where I follow the dropped
> > > connections and understand that it is dropped by the last rule...
> > >
> > >
> > > On 4/14/05, Christian Chiaverini <[EMAIL PROTECTED]> wrote:
> > > > Is the logfile stating the drop is from the last rule? If not, can
> > > > you include it?
> > > >
> > > >
> > > > Christian
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Mailing list for discussion of Firewall-1
> > > > > [mailto:[EMAIL PROTECTED] On Behalf Of Cem
> > > > > Akbas
> > > > > Sent: Thursday, April 14, 2005 10:41 AM
> > > > > To: [email protected]
> > > > > Subject: Re: [FW-1] Need Help
> > > > >
> > > > > Hi,
> > > > >
> > > > > For example:
> > > > > My 2nd rule is:
> > > > > Source:ANY Dest:1.11.x.x Serv:HTTP Act : ACCEPT
> > > > > .
> > > > > .
> > > > > .
> > > > > And the last rule is
> > > > > source any Dest any Serv Any Act :drop
> > > > >
> > > > > Someone tries to connect to my 1.11.x.x server over HTTP, but my firewall
> > > > > passes the 2nd rule and drops this connection from the last rule.
> > > > >
> > > > > I think it is because of a memory leak. When I look at "fw ctl
> > > > > pstat":
> > > > >
> > > > > Total memory bytes used: 64683000 unused: 6620168 (9.28%) peak: 64982960
> > > > > Total memory blocks used: 16362 unused: 1028 (5%) peak: 16363
> > > > >
> > > > > and then it begins to cut connections.
> > > > >
> > > > > After I restart CP it becomes 54% unused memory....
> > > > >
> > > > > Any idea? Thanks in advance...
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
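
Added example, not part of the original thread or of any Check Point tooling: a shell check for the kernel memory lines of "fw ctl pstat" quoted above, so the drop in unused memory the poster describes can be caught before connections start failing. The function names, the 10% threshold and the SAMPLE_OK line are assumptions made for illustration; the line layout is taken from the two lines quoted in the thread.

```shell
#!/bin/sh
# Added example: parse the "Total memory ..." lines of `fw ctl pstat`
# and flag pools whose unused share is below a threshold.

# Constructed input: the two lines quoted in the thread, and one healthy
# line constructed to resemble the post-restart state (about 54% unused).
SAMPLE_LOW='Total memory bytes  used: 64683000   unused:  6620168 (9.28%)   peak: 64982960
Total memory blocks used:    16362   unused:     1028 (5%)   peak:    16363'
SAMPLE_OK='Total memory bytes  used: 32800000   unused: 38503168 (54.00%)   peak: 64982960'

# Print "<pool> <unused percent>" per pool, recomputed from the raw counts
# rather than trusting the rounded figure shown in parentheses.
pstat_unused() {
  awk '$1 == "Total" && $2 == "memory" {
    used = ""; unused = ""
    for (i = 3; i < NF; i++) {
      if ($i == "used:")   used   = $(i + 1)
      if ($i == "unused:") unused = $(i + 1)
    }
    if (used != "" && unused != "" && used + unused > 0)
      printf "%s %.2f\n", $3, unused * 100 / (used + unused)
  }'
}

# Read pstat text on stdin; print one LOW line per pool under THRESHOLD
# percent unused and return status 1 if any pool is low, else 0.
pstat_check() {
  pstat_unused | awk -v thr="$1" '
    $2 + 0 < thr + 0 { printf "LOW %s unused=%s%%\n", $1, $2; low = 1 }
    END { exit low + 0 }'
}

# Assumed usage on the gateway (threshold of 10 is an assumption):
#   fw ctl pstat | pstat_check 10 || logger "fw kernel memory low"
```

Run from cron next to "fw tab -t connections -s", this gives a time series showing whether unused memory shrinks as the connection count grows.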
