Hi All,
It looks like after enabling the "Keep all connections", the connections
is not dropping when pushing the policy. But this exercise was done in
after office hours. I will update once we are pushing the policy in full
load.
Thanks for your suggestions
Regards
Mohamed.N
2380
moham...@fss.co.in
+91 95001 29207
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM] On Behalf Of Ray
Sent: Saturday, February 25, 2012 11:29 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Connections dropping when pushing policy
I think I confused mutli-core with multi-CPU. When we bought new
hardware about four years ago we had to buy a 2-core CPU instead of the
normal quad core because of our licensing.
Until CoreXL supports QoS it's staying disabled.
Ray
> Date: Fri, 24 Feb 2012 07:41:36 -0500
> From: itsec.itcons...@gmail.com
> Subject: Re: [FW-1] Connections dropping when pushing policy
> To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
>
> Prior to R70, CoreXL wasn't part of maintrain code, and was only
introduced
> as a special release after R65. This is the component that makes use
of
> multiple CPUs.
>
> On Nokia, you also needed IPSO version 607 or later to use this
feature.
>
> On Thu, Feb 23, 2012 at 8:22 PM, Ray <sixsigm...@hotmail.com> wrote:
>
> > I'm confused. I thought the Nokia on R65 was the firewall. The
firewalls
> > are licensed by CPU but the SmartCenters are not.
> >
> > I'm pretty sure that Check Point did not enforce the CPU limit until
very
> > recent versions. But maybe not. I do get confused easily any more,
> > especially on Check Point licensing. :-)
> >
> > Ray
> >
> > > Date: Thu, 23 Feb 2012 12:18:33 +0530
> > > From: moham...@fss.co.in
> > > Subject: Re: [FW-1] Connections dropping when pushing policy
> > > To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
> > >
> > > I am not getting this NTP error message, anyway have enabled "Keep
all
> > > connections" as per Tom's advice. We are looking for a good time
to push
> > > and test. Thanks for all people replied, will get back with the
results.
> > >
> > > Ray,
> > >
> > > Why we used R75.20 was the Nokia was told to have 4 processors and
it
> > > was using only 1 at a time. We were advised to use R75.20 to solve
this.
> > >
> > >
> > > Regards
> > > Mohamed.n
> > >
> > >
> > >
> > >
> > > 2380
> > >
moham...@fss.co.in
> > > +91 95001 29207
> > >
> > > -----Original Message-----
> > > From: Mailing list for discussion of Firewall-1
> > > [mailto:FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM] On Behalf Of
Matthew
> > > Rossiter
> > > Sent: Wednesday, February 22, 2012 12:39 AM
> > > To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
> > > Subject: Re: [FW-1] Connections dropping when pushing policy
> > >
> > > I had the same problem with a pair of Nokia's in a vrrp
configuration
> > > and a large policy. Every time I pushed policy connections would
get
> > > dropped. In the Nokia system logs I would see a lot of ' xntpd:
> > > restarting' messages.
> > > I found sk40322 and ended up disabling NTP as it recommends and
just
> > > running an ntpdate once an hour. First thing I noticed was the
CPU load
> > > dropped by quite a bit and haven't seen a problem with dropped
> > > connections since then.
> > >
> > > Matt
> > >
> >
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =================================================
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================
DISCLAIMER:
==========================================================================================================================================================The
information contained in this e-mail message may be privileged and/or
confidential and protected from disclosure under applicable law. It is intended
only for the individual to whom or entity to which it is addressed as shown at
the beginning of the message. If the reader of this message is not the intended
recipient, or if the employee or agent responsible for delivering the message
is not an employee or agent of the intended recipient, you are hereby notified
that any review, dissemination,distribution, use, or copying of this message is
strictly prohibited. If you have received this message in error, please notify
us immediately by return e-mail and permanently delete this message and your
reply to the extent it includes this message. Any views or opinions presented
in this message or attachments are those of the aut!
hor and do not necessarily represent those of the Company. All e-mails and
attachments sent and received are subject to monitoring, reading, and archival
by the
Company.==========================================================================================================================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================
