Scott,
There were a couple of changes that were made going to ver 4+. What affected
me was the way that the UDP rejects were handled. Below is a snippet from a
multitude of emails that I received that seemed to solve the problem. My
machine has been up now for 177 days with no reboot and the majority of my
swap space is still unused.
> "Jeffrey L. Oliver" wrote:
>> >
>> > I was emailed a tip as follows:
>> >
>> > ***************************
>> > Gentlemen,
>> >
>> > I too suffered long and hard with this problem, sending many dumps to SUN,
>> > talking myself blue in the face to my VAR. Finally, a friend at CKP
>> > pointed me to a url. They used to have www pages that listed known bugs
>> > and the associated FW version/level along with operating systems. Oh, how
>> > I long for those days, the knowledge base is almost useless in my opinion.
>> > I would much prefer to page through ALL known problems, what is to say I
>> > don't have a problem that I have yet to even find!!!!! But I have rambled
>> > enough.
>> >
>> > This patch worked for me... running FW 4.0 sp1 on Solaris 2.6 with
>> > recommended security patches. The following came directly from an "old"
>> > CKP page. (Remember to back up the file before altering, AND, neither I
>> > nor my employer take any responsibility; just trying to help.)
>> >
>> > 1. Stop Firewall-1 by running $FWDIR/bin/stop.
>> > 2. Edit $FWDIR/conf/objects.C. After the line:
>> >      :props(
>> >    add the line:
>> >      :udp_reject (false)
>> > 3. Start Firewall-1 by running $FWDIR/bin/fwstart.
>> >
>> > Good luck,
Hope that this helps,
Jeff
"Boomgaardt, Scott" wrote:
>
> Jeff,
>
> I found your post to a mailing list today detailing a problem that I believe
> we are experiencing. I found by looking at a customized ps output ("ps -e
> -o "pcpu pmem vsz rss osz pid user args" | grep alertd") that the alertd
> process is the one eating up memory in 8k chunks as you mentioned in your
> post.
>
> We're currently running FW-1 version 4.1 build 41439 on an E-250 with
> Solaris 7.
>
> Was a resolution found for your problem? I've looked briefly at
> Checkpoint's site with no results.
>
> Thanks for your help!
> Scott
>
> Scott Boomgaardt
> EDS Canada Firewall Team
> London Solution Centre
> 150 Dufferin Ave. Suite 300
> London, ON N6A 5N6
> * phone: +01-519-645-3753
> * mailto:[EMAIL PROTECTED]
>
> FROM: Jeffrey L. Oliver
> DATE: 07/11/2000 10:28:58
> SUBJECT: RE: [FW1] Solaris machine hangs
>
> Hans,
>
> No, all I have running is the following:
>
> dogbert:/ # ps -ef
> UID PID PPID C STIME TTY TIME CMD
> root 0 0 0 03:31:09 ? 0:00 sched
> root 1 0 0 03:31:09 ? 0:00 /etc/init -
> root 2 0 0 03:31:09 ? 0:00 pageout
> root 3 0 0 03:31:09 ? 0:00 fsflush
> root 326 323 0 03:31:56 ? 0:00 /usr/lib/saf/ttymon
> root 134 1 0 03:31:21 ? 0:00 /etc/fw.boot/fwboot bootd
> root 323 1 0 03:31:55 ? 0:00 /usr/lib/saf/sac -t 300
> root 280 1 0 03:31:43 ? 0:01 /usr/sbin/vold
> root 243 1 0 03:31:41 ? 0:00 /usr/sbin/syslogd
> root 251 1 0 03:31:42 ? 0:00 /usr/sbin/cron
> root 257 1 0 03:31:42 ? 0:00 /usr/sbin/nscd
> root 238 1 0 03:31:41 ? 0:00 /usr/sbin/inetd -s
> root 395 389 1 08:36:51 pts/0 0:00 -ksh
> root 324 1 0 03:31:55 console 0:00 /usr/lib/saf/ttymon -g -h -p dogbert console login: -T sun -d
> root 271 1 0 03:31:43 ? 0:00 /usr/lib/utmpd
> root 316 1 0 03:31:51 ? 0:00 /opt/CKPfw/bin/snmpd
> root 315 310 0 03:31:50 ? 0:00 alertd -A -l
> root 310 1 0 03:31:49 ? 0:02 fwd
> root 318 1 0 03:31:52 ? 0:01 fwm
> root 320 310 0 03:31:52 ? 0:01 mdq
> root 470 395 0 11:25:50 pts/0 0:00 ps -ef
> oliver 389 387 0 08:36:41 pts/0 0:00 -ksh
> root 387 238 0 08:36:41 ? 0:00 in.telnetd
> dogbert:/ #
>
> Jeff
>
> Hans Schaechl wrote:
> >
> > Hi Jeff,
> >
> > do you have by any chance Solaris automounter running?
> > Are /etc/rc2.d/S74autofs and files /etc/auto_master etc.
> > in place? If yes, disable the rc-script and/or comment out
> > all lines in /etc/auto_* files. (In case you don't use it ;))
> >
> > Hans
> >
> > At 10:02 11.07.00 -0600, you wrote:
> >
> > >Dieter Gobbers wrote:
> > > >
> > > > On 10-Jul-00 Sujit Choudhury wrote:
> > > > >
> > > > > I have used fw ctl pstat command.
> > > > > > It says about 3Mbytes have been allocated into FW-1's kernel memory
> > > > > > and most of it is still available.
> > > > > > However looking at the way Solaris works, it appears that the size of
> > > > > > freelist as found from vmstat and sar -r will appear to shrink to a very
> > > > > > small value, determined by lotsfree. In our case we have used the
> > > > > > default which is 1/64 of the RAM i.e. 2Mbytes. The problem usually
> > > > > > starts when the freelist attains the value of around 2Mbytes.
> > > > > > I was wondering whether increasing lotsfree (making it bigger than
> > > > > > 3Mbytes) would stop the machine hang. Has it been tried?
> > > > >
> > > > > Sujit
> > > > >
> > > > >
> > > > >> Sujit Choudhury wrote:
> > > > >> >
> > > > > >> > We are running Checkpoint FireWall-1 Version 4.0 Build 4094. I have
> > > > > >> > applied service pack 4 and 5 to bring it up to the latest build. The
> > > > > >> > hardware is Sun Ultra 5/10, with 128Mbytes of memory. The OS is
> > > > > >> > Solaris 2.6 with kernel patch 105181-21. I am not running CDE so most
> > > > > >> > of the memory is used for running the OS and Firewall.
> > > > > >> > In spite of this I am getting system hang on a regular basis. It seems
> > > > > >> > from sar output, whenever the free memory drops below a certain figure
> > > > > >> > we are then in the danger zone.
> > > > > >> > Has anybody come across this thing or any solution for this? We are
> > > > > >> > having great difficulty in maintaining our service.
> > > > >> >
> > > > >> > Many thanks
> > > > >> >
> > > > >> > Sujit
> > > >
> > > > >>
> > > > >> Sujit,
> > > > >>
> > > > > >> Just so you don't feel all alone, I also am experiencing this problem.
> > > > > >> From my standpoint, it looks like a memory leak. The Sun guys do not
> > > > > >> think so.
> > > > > >>
> > > > > >> I have an Ultra 10 running 2.6, with the jumbo patch installed. The
> > > > > >> machine has 128MB ram and 2 quad 10/100 nic's. The console sits not
> > > > > >> logged in at the login prompt (not openwin or cde).
> > > > > >>
> > > > > >> If I use vmstat on the box, I can see that the memory goes away in about
> > > > > >> 8k chunks until I start using swap space. It then keeps chunking away
> > > > > >> memory until I run out of swap and the machine will hang.
> > > > >>
> > > > >> As yet, I have not found a fix.
> > > > >>
> > > > >> Jeff
> > > >
> > > > Hello,
> > > >
> > > > We have the same problem here at our site, about every week our firewall
> > > > started to slow down and then stopped. We've been unable to use even the
> > > > console...
> > > > I've written a few scripts to watch certain system parameters/conditions
> > > > which reboot the system if the defined limits are exceeded.
> > > > During the "development" of those scripts I've noticed that the available
> > > > memory is decreasing without any sign who is consuming it.
> > > > I always thought that this is caused due to the fact that I cannot
> > > > install any kernel patches on our server (E250/Solaris 2.6 HW3/98)...
> > > >
> > > > I could send you my scripts if you are interested. They don't solve the
> > > > cause of the problem but the ugly effects are minimized.
> > > >
> > > > Greetings,
> > > >
> > > > Dieter Gobbers
> > >
> > >Something to note. I tried this a little while ago and am convinced
> > >that it is not a FW-1 problem, but an OS/HW bug.
> > >
> > >I disabled the FW software from loading (renamed the startup scripts in
> > >the /etc/rcX.d directories) and rebooted the box. Same thing, the machine
> > >lost memory in 8K chunks until it died (no response even on the console).
> > >This makes me think that it is an OS problem???
> > >
> > >I don't know if FW-1 makes modifications to the ethernet drivers when it
> > >installs. If it does, there could be some problem with the mods.
> > >
> > >
> > >Jeff
>
> --
> Sys Admin. It's a dirty job, but someone said I had to do it!
> ------------------------------------------------------------------------
> Jeffrey L. Oliver Tel: (403) 329-5162
> Network Analyst Cell: (403) 315-4461
> The University of Lethbridge
> 4401 University Drive email: [EMAIL PROTECTED]
> Lethbridge, Alberta www: <http://home.uleth.ca/~jeff.oliver>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> <http://www.checkpoint.com/services/mailing.html>
> ================================================================================
--
Sys Admin. It's a dirty job, but someone said I had to do it!
------------------------------------------------------------------------
Jeffrey L. Oliver Tel: (403) 329-5162
Network Analyst Cell: (403) 315-4461
The University of Lethbridge
4401 University Drive email: [EMAIL PROTECTED]
Lethbridge, Alberta www: http://home.uleth.ca/~jeff.oliver
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
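
Step 2 of the tip quoted above (the objects.C edit), written as an added example that is not part of the original thread and is not Check Point's own tooling. The function name, the `.bak` suffix and the whitespace-tolerant match on the `:props(` line are assumptions made for this sketch; the sample file in any test run is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): step 2 of the quoted procedure as an
# idempotent edit that keeps a backup. Run it between step 1 (stop) and
# step 3 (start). Assumed here: the function name, the ".bak" suffix and the
# tolerant match on ":props(" / ":props (".
#
# Usage: add_udp_reject "$FWDIR/conf/objects.C"

add_udp_reject() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Already applied: change nothing, so a second run is harmless.
    if grep -Eq '^[[:space:]]*:udp_reject[[:space:]]*\(' "$file"; then
        echo "udp_reject already set in $file" >&2
        return 0
    fi

    # Refuse to guess where the line goes if the anchor is missing.
    if ! grep -Eq '^[[:space:]]*:props[[:space:]]*\([[:space:]]*$' "$file"; then
        echo "no ':props (' line in $file, nothing changed" >&2
        return 1
    fi

    # Back up first, as the tip advises.
    cp -p "$file" "$file.bak" || return 1

    # Insert after the first ":props (" line only, one tab deeper than it.
    awk '
        { print }
        !done && /^[ \t]*:props[ \t]*\([ \t]*$/ {
            indent = $0
            sub(/:props.*$/, "", indent)
            print indent "\t:udp_reject (false)"
            done = 1
        }
    ' "$file.bak" > "$file.tmp" || { rm -f "$file.tmp"; return 1; }

    # Confirm the line landed, then overwrite in place (keeps owner and mode).
    grep -q ':udp_reject (false)' "$file.tmp" || { rm -f "$file.tmp"; return 1; }
    cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}
```

If the result is not what was expected, copying `objects.C.bak` back over `objects.C` before starting the firewall restores the original file.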