Firewall-1

Re: [FW-1] NAT hide failure. no free port

Subject: Re: [FW-1] NAT hide failure. no free port
From: "Burton, Chris" <Chris.Burton AT DIG DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 29 Sep 2003 15:58:03 -0700

        You issue the following command on the CLI and check and see if
your available allocated connections are used up.

        Check the limit (command below). If the number of connections
is close to full, then that is more than likely what is causing your
problem. If you are using the default number of connections (25,000), you
can try to up the amount to 30-50k via the Dashboard.  You can also
issue the "fw tab -x fwx_alloc" command and clear the connections to see if
they were just not timed out correctly.

        I have run into this problem mostly because of the various virus
infections on hosts that were NAT'ted to the firewall and the firewall
did not seem to remove most of the connections; I have asked Checkpoint
about this but their response was to upgrade to NG AI.

[root@fw /]# fw tab -t fwx_alloc
localhost:
-------- fwx_alloc --------
dynamic, id 8187, attributes: keep, sync, limit 50000, hashsize 262144
<00000006, c7b586d4, 0000b58c, 0ac10c36>
<00000006, c7b586d4, 0000a67f, c7b5858c>
<00000006, c7b586d4, 0000b11f, c7b5858c>
<00000006, c7b586d4, 0000ae56, 0ac10c0a>
<00000006, c7b586d4, 00009203, 0ac1121b>
<00000006, c7b586d4, 000035cc, 4051af09>
<00000006, c7b586d4, 00009c48, 0ac10c44>
<00000006, c7b586d4, 0000ae38, 0ac10c55>
<00000006, c7b586d4, 0000a161, c7b58715>
<00000006, c7b586d4, 000092b1, 0ac111d0>
<00000006, c7b586d4, 00009d81, c7b58715>
<00000006, c7b586d4, 00009026, 0ac10c30>
<00000006, c7b586d4, 00007334, c7b58606>
<00000006, c7b586d4, 0000a53d, 0ac10c60>
<00000011, c7b586d4, 0000ab76, 0ac1ff25>
<00000001, c7b586d4, 000038d7, c7b586d3>
...(2011 More)

Chris C. Burton
Network Engineer
Walt Disney Internet Group: Network Services



-----Original Message-----
From: Michael Schwartzkopff [mailto:ccse_fw1 AT MULTINET DOT DE]
Sent: Monday, September 29, 2003 1:31 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] NAT hide failure. no free port

Hi,

We experience the following error on our firewall:

NAT hide failure, could not find free port

in the firewall logfiles and in the system logfiles:

fw_xlate_anticipation: fwx_anticipate_server_side failed
fwconn_pending_intercept: id_set_wto(conn_nsons) failed

Our System: NG FP2, distributed management and a cluster firewall.

Any ideas? Any help?

Thanks.

M. Schwartzkopff

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
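
Added example, not part of the original messages and not Check Point code: a small parser for the "fw tab -t fwx_alloc" output shown in the reply above, comparing the number of entries against the table's "limit" attribute. The function name, the 80% warning threshold and the sample rows are assumptions made for illustration; the post does not say what the columns mean, so rows are only grouped by their first field.

```python
import re

# Constructed sample in the shape of the output quoted in the reply
# (hex values are made up; only the header and "...(N More)" line are copied).
SAMPLE = """\
localhost:
-------- fwx_alloc --------
dynamic, id 8187, attributes: keep, sync, limit 50000, hashsize 262144
<00000006, 0a000001, 0000b58c, 0a000036>
<00000006, 0a000001, 0000a67f, 0a00000a>
<00000011, 0a000001, 0000ab76, 0a0000ff>
<00000001, 0a000001, 000038d7, 0a0000d3>
...(2011 More)
"""

LIMIT_RE = re.compile(r"\blimit (\d+)")
MORE_RE = re.compile(r"^\.\.\.\((\d+) More\)")
ROW_RE = re.compile(r"^<([0-9a-fA-F]{8}),")


def fwx_alloc_usage(text, warn_ratio=0.8):
    """Return entry count, table limit and fill ratio for one table dump.

    warn_ratio is a hypothetical alert threshold, not a Check Point value.
    """
    limit = None
    shown = more = 0
    by_first_field = {}
    for line in text.splitlines():
        line = line.strip()
        if limit is None and (m := LIMIT_RE.search(line)):
            limit = int(m.group(1))            # "limit 50000" in the header line
        elif m := ROW_RE.match(line):
            shown += 1                         # one printed table entry
            key = int(m.group(1), 16)
            by_first_field[key] = by_first_field.get(key, 0) + 1
        elif m := MORE_RE.match(line):
            more += int(m.group(1))            # entries the tool did not print
    if limit is None:
        raise ValueError("no 'limit N' attribute found in table header")
    entries = shown + more
    return {"entries": entries, "limit": limit, "ratio": entries / limit,
            "near_limit": entries >= warn_ratio * limit,
            "shown_by_first_field": by_first_field}


if __name__ == "__main__":
    print(fwx_alloc_usage(SAMPLE))
```

Feed it the saved output of the command from each cluster member; a result with near_limit set matches the condition the reply describes as the likely cause of the "no free port" error.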
