Eric Carr wrote:
>
> For some reason, after about 2 days uptime, my Sonicwall DMZ log starts
> filling up with "The cache is full; over 2048 simultaneous connections; some
> will be dropped" error messages, which of course makes our
> connection-test-scripts flood us with error-report emails.
>
> Has anyone got an idea why "the cache is filled up"?

SonicWall is based on Checkpoint FW-1 code. Like FW-1 it has a state
table that will only handle so many entries. See:
http://www.enteract.com/~lspitz/fwtable.html
for details. Lance has found a number of methods over the last year of
saturating this table so that connections get dropped. My guess would be
SonicWall has a much smaller table since it's designed for smaller
installations. You could be hitting that limit or someone else is
generating traffic to hit it for you.

Kind of interesting, following their "Security Advisory" link off the
main page I see no mention of addressing _any_ of the issues that Lance
found in FW-1. Could be they have not addressed them yet.

HTH,
Chris
--
**************************************
[EMAIL PROTECTED]
* Mastering Cisco Routers
http://www.amazon.com/exec/obidos/ASIN/078212643X/
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/
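
The state-table limit discussed in the reply above, as an added example that is not part of the original thread and is not SonicWall or FW-1 code: a toy model of a fixed-size connection table, showing how entries that wait out a long idle timeout fill it at a traffic level that otherwise uses a small fraction of it. Only the 2048 limit comes from the quoted log message; the connection rate, close time and idle timeout are assumed values.

```python
import heapq

def simulate(capacity, conns_per_sec, close_after, idle_timeout,
             linger_every, duration):
    """Model a fixed-size connection state table, one tick per second.

    Every `linger_every`-th connection is never closed cleanly, so its entry
    stays until `idle_timeout`; the rest are freed `close_after` seconds after
    they open. linger_every=0 means every connection closes cleanly.
    Returns (peak_entries, dropped, first_drop_second).
    """
    expiries = []            # min-heap of the second each entry is freed
    peak = dropped = seen = 0
    first_drop = None
    for now in range(duration):
        while expiries and expiries[0] <= now:   # age out expired entries
            heapq.heappop(expiries)
        for _ in range(conns_per_sec):
            seen += 1
            if len(expiries) >= capacity:        # table full: connection lost
                dropped += 1
                if first_drop is None:
                    first_drop = now
                continue
            lingers = linger_every and seen % linger_every == 0
            lifetime = idle_timeout if lingers else close_after
            heapq.heappush(expiries, now + lifetime)
        peak = max(peak, len(expiries))
    return peak, dropped, first_drop

# Constructed workload: 5 new connections/s, clean close after 10 s,
# 3600 s idle timeout (all assumed values), observed for two hours.
CAPACITY = 2048  # the limit quoted in the log message above

def run_cases():
    clean = simulate(CAPACITY, 5, 10, 3600, 0, 7200)
    lingering = simulate(CAPACITY, 5, 10, 3600, 5, 7200)
    return clean, lingering

if __name__ == "__main__":
    for name, result in zip(("all closed cleanly", "1 in 5 lingers"), run_cases()):
        print(name, "-> peak=%d dropped=%d first_drop=%s" % result)
```

Steady-state occupancy is roughly arrival rate times entry lifetime, so comparing that product against the table size for each class of traffic shows which one is consuming the entries.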