I don't know how many folks out there run FW-1 on NT (we won't be for too
much longer hopefully). However, here are some things we found to do in
order to keep the NT FW service up and working as long as possible.
Most NT FW-1 administrators know that NT has some memory management issues
and it doesn't help that FW-1 is ported to NT from Solaris so there are
probably some porting issues at play here. Most notably, the httpd security
server becomes sluggish and eventually chokes after a period of time (can be
hours or even days for us).
I've found that if you kill the httpd service (by it's PID) you can extend
the operational (between mandatory reboots) time of the FW-1 services. It
appears as though this has no negative effects since another httpd security
server is spawned after the initial one is killed.
Here's how it goes:
1) Install the NT Resource kit on the Firewall-1 server(s) (not the
management).
2) Make sure the directory containing kill.exe is in your path
3) Create a bat file that contains the following command line:
for /f %%k in ($FWDIR\tmp\in.ahttpd.pid) do kill %%k
In this syntax, $FWDIR = the path to your Firewall-1 directory
Here's an example: for /f %%k in (c:\winnt\fw\tmp\in.ahttpd.pid) do
kill %%k
4) Create an AT job to run this bat file as needed (we do it hourly)
I hope this serves to help some of the other frustrated NT FW-1 admins out
there. I know
most people (who are more advanced than myself) would probably write a perl
script to do
the very same thing. Let us know if this helps your cause and by the way, I
take no responsibility
or assume any liability for any damage that is a result of attempting this.
Use this information
at your own risk.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
