The express session limited is 25,000. You can't change the number with
other ways. Even you edit the files related with the number, it would
change back to 25,000. Only use the VPN-1 Pro can avoid the limitation.
Best Regards,
Thomas Su
Dynasafe Technologies, Inc.
Eric Janz wrote:
HI again LindSay,
thanks again for your advice. Hmmm, one question, do you think tehre is ny
workaround using dbdiff or some tool on commmandline level to increase
that table limit although we are using the express license?
I am reading the Performance Tuning Guide and they suggest to edit some
files including the
objects_5_0.C
http://www.checkpoint.com/techsupport/documentation/FW-1_VPN-1_performance.html#nokia
The interesting part:
[...]
3. Adjusting the NAT tables parameters - size and hash
In environments with large (> 25000) number of concurrent connections with
address translation increase the NAT tables size and hash size.
Insufficient NAT tables size can lead to serious performance degradation.
in $FWDIR/conf/objects_5_0.C file, under props: section:
:nat_limit (xxx) - to xxx desired value, default 25000
:nat_hashsize (yyy) - to yyy desired value, power of 2 close to (or
over) the table limit
[...]
Thanks a lot,
Bye,
Eric Janz
Departamento de Sistemas
Grupo Barceló Viajes
C\ 16 de Julio, 75
07009 Polígono Son Castelló
Palma de Mallorca - Baleares
Tel.: +34 971 448030
Fax.: +34 971 436986
Lindsay Hill <[EMAIL PROTECTED]>
24/09/2005 12:07
Para
Eric Janz <[EMAIL PROTECTED]>
cc
Asunto
Re: [FW-1] Howto increase connection table limit
One thing - I don't know how easy it is to migrate from Express to
Enterprise/Pro - I'm not sure if you can just get away with changing
the license, or if you'll need to rebuild the module.
Once it is Pro, changing the connections limit is pretty easy, all
done through the GUI. No need to muck around with modzap and stuff
like you used to have to.
- Lindsay
On 24 Sep 2005, at 10:54, Eric Janz wrote:
Hi Lindsay,
thank you very much for your advice.
We will chabge to pro licensing so.
Best regards,
Eric Janz
Departamento de Sistemas
Grupo Barceló Viajes
C\ 16 de Julio, 75
07009 Polígono Son Castelló
Palma de Mallorca - Baleares
Tel.: +34 971 448030
Fax.: +34 971 436986
Lindsay Hill <[EMAIL PROTECTED]>
Enviado por: Mailing list for discussion of Firewall-1
<[email protected]>
24/09/2005 11:02
Por favor, responda a
Mailing list for discussion of Firewall-1
<[email protected]>
Para
[email protected]
cc
Asunto
Re: [FW-1] Howto increase connection table limit
No, that is one of the limitations of the Express Licensing. You'll
need to change to Pro licensing if you need to support more
connections.
- Lindsay
On 24 Sep 2005, at 09:32, Eric Janz wrote:
Hi dear Gurus,
we have a CheckPoint FW-1 with an Express License. Is there a way to
unlimit the connection table limit?
Thanks in advance,
Eric Janz
Departamento de Sistemas
Grupo Barceló Viajes
C\ 16 de Julio, 75
07009 Polígono Son Castelló
Palma de Mallorca - Baleares
Tel.: +34 971 448030
Fax.: +34 971 436986
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
