We currently have and Sun E250 running Solaris 2.6 (and the latest cluster
patch from Sun) with the VPN-1 Accelerator Card installed and Checkpoint 4.0.
Prior to installing the Accelerator Card we were using SP3 and then
installed the Accelerator Card build on top of that. I read that you weren't
supposed apply SP3 on top of the AC build. Is it a problem the other way
around like we did it?
A couple of things we've noticed so far:
1) The 'fw ctl pstat' does not show 'Hash kernel memory statistics' or
'System kernel memory statistics' details any more. It only shows the
headings, such as "hmem kernel memory statistics:", but nothing follows.
However, if I go into crash and do 'od -x fwhmem' it shows the memory change.
2) After adding IKE tunnels the FWZ tunnels start timing out. Both sides
will eventually sync up and the FWZ tunnels will work, but it's very slow to
start sending traffic. There are a couple rejects because the other end
doesn't respond with the FWZ scheme in time. Then all of a sudden both sides
will agree on FWZ and all is well. This is not the case with the IKE tunnels.
Has anyone else noticed either the pstat output difference or problems with
FWZ tunnels?
We have over a hundred FWZ tunnels that we want to roll over to IKE tunnels
and use the card. Currently, we have another E250 built with the same config
that is running Solaris 2.5.1 and does not have the AC. I'm not sure whether
we should just quickly convert all the tunnels to IKE or rebuild the Solaris
2.6/AC box without ever having SP3 on it before going any further.
Any comments or suggestions would be greatly appreciated. I can provide more
details on the configuration if that would help.
Thanks in advance,
Wyman
--
Wyman Stocks, CCSE, CCNA, CISSP
Network Systems Consultant - Lucent NPS
Raleigh, NC
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
