Interesting. I have approximately 23,000 objects defined in my objects.C
(It is 15 MB in size) and it works just fine. I do need to the following to
get things to work smoothly:
1. Specify fw_light_verify (true) (see Phoneboy FAQ),and,
2. Raise the fwd_conn_tout value (again see Phoneboy FAQ), and,
3. Be at SP7 (I'm Version 4.0)
The latter requirement is needed in order to get gen times of 30 seconds
instead of 45 minutes. Load times are still in the range of 3 to 4 minutes.
Hope this helps.....
>From: LEYMARIE Gerard <[EMAIL PROTECTED]>
>To: Klaubert Herr da Silveira <[EMAIL PROTECTED]>,
>[EMAIL PROTECTED]
>Subject: RE: [FW1] Objects.c: Maximum size reach
>Date: Tue, 10 Oct 2000 16:30:25 +0200
>
>
>Of course, in a first time I cleaned up the database, but I really need my
>objects and more!!!
>
>Here the answers of chkpt support:
>
>Currently if your objects.c file grows close to or exceeds 1mg, or you
>have
>more than about 1000 or so objects, you will start to see performance
>issues
>and in extreme cases the Firewall may fail to compile the policy. In order
>to remedy the situation you will need to scale down the objects.c file. You
>can do this by not defining each individual workstation unless it plays a
>special role such as Email server, web server, or databse. In Firewall
>version 5.0 this issue should be addressed allowing for a greater objects.c
>file.
>
>My conclusion is: Checkpoint is wrong mhen they say there is no limit for
>objetcs.C
>
>In version 3.0 it was possible to modify the HEAP parameter to provide more
>memory available for the compilation daemon. But in the 4.x version this
>parameter has disapear.
>
>I think the daemon do a malloc of 1Mo and that's all
>
>
>
>
>-----Original Message-----
>From: Klaubert Herr da Silveira [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, October 10, 2000 3:39 PM
>To: [EMAIL PROTECTED]
>Subject: RE: [FW1] Objects.c: Maximum size reach
>
>
>
>I hit this problem some time ago, and I turn around by
>editing the objects.c file and do a clening on it.
>I retire all that is not needed.
>So I could put 2000 objects on firewall...
>But you must take care on change the file, once is
>sensitive.
>
>Klaubert Herr
>
>
>All,
>
>I think I reached the maximum size of objects.C (1Mo)
>because when I add
>something to my configuration, my management hang ( it
>doesn't compile, it
>do anything), even if you wait for a long time.
>Normally my compilation
>takes less than 30 seconds.
>When I remove some object ( until the size of the file
>is more than 1Mo),
>the compilation works fine!
>
>Does anyone can help me with this problem?
>
>My environnement is FW-1 4.1SP2 uder NT4SP6a for the
>management.
>
>Many thanks
>
>
>__________________________________________________
>Do You Yahoo!?
>Get Yahoo! Mail - Free email you can access from anywhere!
>http://mail.yahoo.com/
>
>
>============================================================================
>====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>============================================================================
>====
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
