Hi All,
I hope that you can help me to understand the problem of our Check Point.
I know that Check Point NG-R55 AI / HFA-17 on Windows 2000 Server is not
what we should be using, but this is what we have now.
This is Check Point VPN-1(TM) & FireWall-1(R) NG with Application
Intelligence (R55) HFA_17, Hotfix 670 - Build 00
I wonder if we have reached some non-obvious NG-R55 AI limits or our
DELL-1750 has some HW problems.
What we actually see is that during the day all of a sudden the Tracker
shows for a couple of seconds all the new connections dropped by the last
rule and then all is back to normal till the next time.
The Windows log is full of events like these:
--------------------------------------------------------------------------------------------------
FW1: FG-1: Memory alloc failed: (fg_stat_ioctl:fg_status)
FW1: FG-1: Memory alloc failed: (fg_new_lnode:Could n failed to create flow
lnode (fg_chain) ith_plink:0)
FW1: FG-1: lnode alloc failed (etm_build_flow_lnode_w ot allocate a new
lnode.)
FW1: FG-1: Memory alloc failed: (fg_chain:packet)
FW1: Error: FW-1 failed to generate the log record.
----------------------------------------------------------------------------------------------------
What we can see is the following error outputs:
C:\fw tab -t fwx_alloc
localhost:
Table fwx_alloc not loaded
C:\fw tab -t connections
localhost:
Table connections not loaded
Here is the output of the “fw ctl pstat”:
Hash kernel memory (hmem) statistics:
Total memory allocated: 106413388 bytes in 25974 4KB blocks using 6 pools
Initial memory allocated: 6291456 bytes (Hash memory extended by 100121932 bytes)
Memory allocation limit: 106373602 bytes using 10 pools
Total memory bytes used: 104720116 unused: 1693272 (1.59%) peak: 104540484
Total memory blocks used: 25974 unused: 0 (0%) peak: 25974
Allocations: 705543732 alloc, 7085924 failed alloc, 704271148 free
System kernel memory (smem) statistics:
Total memory bytes used: 134217668 peak: 134217700
Allocations: 12683408 alloc, 1215859 failed alloc, 12579500 free, 0 failed free
Kernel memory (kmem) statistics:
Total memory bytes used: 127341808 peak: 130025920
Allocations: 718177006 alloc, 1215687 failed alloc, 716800523 free, 0 failed free
NDIS statistics:
Packets in use: 4209
Buffers in use: 141666
Kernel stacks:
131072 bytes total, 8192 bytes stack size, 16 stacks,
2 peak used, 4176 max stack bytes used, 440 min stack bytes used,
0 failed stack calls
INSPECT:
63576642 packets, -1724923384 operations, 547543760 lookups,
12038361 record, 663016441 extract
Cookies:
415704786 total, 0 alloc, 0 free,
169437380 dup, 1025104969 get, 171980770 put,
421038227 len, 1513539 cached len, 0 chain alloc,
0 chain free
Connections:
8549666 total, 2955839 TCP, 5449509 UDP, 141191 ICMP,
3127 other, 1759 anticipated, 0 recovered, 68178 concurrent,
74190 peak concurrent, 1337857110 lookups
Fragments:
1035739 fragments, 510963 packets, 3560 expired, 0 short,
0 large, 1 duplicates, 1011 failures
NAT:
87445692/0 forw, 81680062/0 bckw, 168731418 tcpudp,
394336 icmp, 4462895-4426609 alloc
Sync: off
------------------------------------------------------------------------------------------
Because of the non-zero “failed alloc” we increased the RAM from 1GB to 2GB,
but this didn’t solve the problem.
We had set the NAT limit from 25000 to 50000 and apparently we haven’t
reached the limit:
fw tab -t fwx_alloc -s
HOST       NAME       ID    #VALS  #PEAK  #SLINKS
localhost  fwx_alloc  8187  36485  44203  0
We set the maximum connections to 100000 and apparently we haven’t reached
the limit either:
fw tab -t connections -s
HOST       NAME         ID    #VALS  #PEAK  #SLINKS
localhost  connections  8158  67941  74190  238553
--------------------------------------------------------------------------------------------------
Have you ever experienced such a problem and do you have any idea about the
source and how to solve it?
Sava
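
A check that can be run over the "fw ctl pstat" output quoted above, given here as an added example that is not part of the original post: it parses the hmem, smem and kmem sections, reports each pool's failed-allocation ratio, and compares the hash memory already allocated with its stated allocation limit. The function names are hypothetical, and the sample text is the post's own output reduced to the lines the parser reads.

```python
import re

# Constructed sample: memory lines from the "fw ctl pstat" output in the post (wraps joined).
PSTAT = """\
Hash kernel memory (hmem) statistics:
Total memory allocated: 106413388 bytes in 25974 4KB blocks using 6 pools
Memory allocation limit: 106373602 bytes using 10 pools
Total memory bytes used: 104720116 unused: 1693272 (1.59%) peak: 104540484
Total memory blocks used: 25974 unused: 0 (0%) peak: 25974
Allocations: 705543732 alloc, 7085924 failed alloc, 704271148 free
System kernel memory (smem) statistics:
Allocations: 12683408 alloc, 1215859 failed alloc, 12579500 free, 0 failed free
Kernel memory (kmem) statistics:
Allocations: 718177006 alloc, 1215687 failed alloc, 716800523 free, 0 failed free
"""

FIELDS = {  # field name -> regex capturing one integer
    "allocated": r"Total memory allocated: (\d+)",
    "limit": r"Memory allocation limit: (\d+)",
    "blocks_unused": r"Total memory blocks used: \d+ unused: (\d+)",
    "alloc": r"Allocations: (\d+) alloc",
    "failed": r"(\d+) failed alloc",
}

def parse_pstat(text):
    """Return {pool: {field: int}} for the hmem, smem and kmem sections."""
    pools, cur = {}, None
    for line in text.splitlines():
        head = re.search(r"\((hmem|smem|kmem)\) statistics:", line)
        if head:
            cur = pools.setdefault(head.group(1), {})
        elif cur is not None:
            for key, pat in FIELDS.items():
                m = re.search(pat, line)
                if m:
                    cur[key] = int(m.group(1))
    return pools

def summarize(pools):
    """Per pool: failed/alloc ratio; for pools with a limit, headroom to it."""
    out = {}
    for name, p in pools.items():
        row = {"failed_ratio": p["failed"] / p["alloc"]}
        if "limit" in p:
            row["headroom_bytes"] = p["limit"] - p["allocated"]
            row["at_limit"] = row["headroom_bytes"] <= 0 and p["blocks_unused"] == 0
        out[name] = row
    return out
```

On the posted numbers, `summarize(parse_pstat(PSTAT))` shows hmem with 39786 bytes more allocated than its stated allocation limit and no unused blocks, while the connections and fwx_alloc tables peak below their configured limits.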