HI again LindSay, thanks again for your advice. Hmmm, one question, do you think tehre is ny workaround using dbdiff or some tool on commmandline level to increase that table limit although we are using the express license?
I am reading the Performance Tuning Guide and they suggest to edit some files including the objects_5_0.C http://www.checkpoint.com/techsupport/documentation/FW-1_VPN-1_performance.html#nokia The interesting part: [...] 3. Adjusting the NAT tables parameters - size and hash In environments with large (> 25000) number of concurrent connections with address translation increase the NAT tables size and hash size. Insufficient NAT tables size can lead to serious performance degradation. in $FWDIR/conf/objects_5_0.C file, under props: section: :nat_limit (xxx) - to xxx desired value, default 25000 :nat_hashsize (yyy) - to yyy desired value, power of 2 close to (or over) the table limit [...] Thanks a lot, Bye, Eric Janz Departamento de Sistemas Grupo Barceló Viajes C\ 16 de Julio, 75 07009 Polígono Son Castelló Palma de Mallorca - Baleares Tel.: +34 971 448030 Fax.: +34 971 436986 Lindsay Hill <[EMAIL PROTECTED]> 24/09/2005 12:07 Para Eric Janz <[EMAIL PROTECTED]> cc Asunto Re: [FW-1] Howto increase connection table limit One thing - I don't know how easy it is to migrate from Express to Enterprise/Pro - I'm not sure if you can just get away with changing the license, or if you'll need to rebuild the module. Once it is Pro, changing the connections limit is pretty easy, all done through the GUI. No need to muck around with modzap and stuff like you used to have to. - Lindsay On 24 Sep 2005, at 10:54, Eric Janz wrote: > Hi Lindsay, > > thank you very much for your advice. > We will chabge to pro licensing so. > > Best regards, > > Eric Janz > Departamento de Sistemas > Grupo Barceló Viajes > > C\ 16 de Julio, 75 > 07009 Polígono Son Castelló > Palma de Mallorca - Baleares > Tel.: +34 971 448030 > Fax.: +34 971 436986 > > > > Lindsay Hill <[EMAIL PROTECTED]> > Enviado por: Mailing list for discussion of Firewall-1 > <[email protected]> > 24/09/2005 11:02 > Por favor, responda a > Mailing list for discussion of Firewall-1 > <[email protected]> > > > Para > [email protected] > cc > > Asunto > Re: [FW-1] Howto increase connection table limit > > > > > > > No, that is one of the limitations of the Express Licensing. You'll > need to change to Pro licensing if you need to support more > connections. > > - Lindsay > > > On 24 Sep 2005, at 09:32, Eric Janz wrote: > > >> Hi dear Gurus, >> >> we have a CheckPoint FW-1 with an Express License. Is there a way to >> unlimit the connection table limit? >> >> Thanks in advance, >> >> Eric Janz >> Departamento de Sistemas >> Grupo Barceló Viajes >> >> C\ 16 de Julio, 75 >> 07009 Polígono Son Castelló >> Palma de Mallorca - Baleares >> Tel.: +34 971 448030 >> Fax.: +34 971 436986 >> >> ================================================= >> To set vacation, Out-Of-Office, or away messages, >> send an email to [EMAIL PROTECTED] >> in the BODY of the email add: >> set fw-1-mailinglist nomail >> ================================================= >> To unsubscribe from this mailing list, >> please see the instructions at >> http://www.checkpoint.com/services/mailing.html >> ================================================= >> If you have any questions on how to change your >> subscription options, email >> [EMAIL PROTECTED] >> ================================================= >> >> > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
