>I have these messages in my firewall-1 Version 4.0 SP7:
>
>Mar 6 16:34:40 fw1_venus01 unix: FW-1: fw_init_xlation_tables:
>fw_xlate_set_tables failed
>Mar 6 16:34:40 fw1_venus01 unix: FW-1: fw_xlate_forw: failed to initialize the
>connection
>Mar 6 16:34:40 fw1_venus01 unix: FW-1: fw_xlate_set_tables: ld_set_wto to
>fwx_forw_tab

Looks to me remarkably like you are running out of memory on your firewall.
Or at least, connection table space. IIRC Firewall-1 allocates 5 Mb of memory to
connections and there is some form of hard limit of 25000 connections. This gets
exhausted much more rapidly for NAT connections, since they are (from the point
of view of the firewall) two different connections.

Useful commands to check this (run on yer fw) are:

    fw ctl pstat
    fw tab -t fwx_forw -s
    fw tab -t fwx_backw -s
    fw tab -t connections -s

The tables commands will give you a list of currently open connections.
fwx_forw and backw are the ones which are being NATed.

Problems with this can be caused by asymmetric routing (because otherwise you
have to wait for the connection to time out - default of 1 hour) or an internal
portscan.

--
Ed Rolison
Systems Admin
ER706-RIPE
[EMAIL PROTECTED]
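
An added example, not part of the original post and not Check Point code: a small Python script that rejoins mail-wrapped syslog records and counts the FW-1 address-translation failures quoted above per host and minute, so that a burst can prompt the fw tab checks listed in the reply. The threshold of 3 and the last two sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Function names taken from the FW-1 messages quoted in the post.
XLATE_FUNCS = {"fw_init_xlation_tables", "fw_xlate_forw", "fw_xlate_set_tables"}
TS = r"[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}"
RECORD = re.compile(rf"^(?P<ts>{TS}) (?P<host>\S+) \S+: FW-1: (?P<func>\w+):")

def join_wrapped(lines):
    """Re-attach continuation lines; mail clients wrap long syslog records."""
    records = []
    for raw in lines:
        line = raw.lstrip("> ").rstrip()   # drop mail quoting, if any
        if not line:
            continue
        if re.match(TS + " ", line) or not records:
            records.append(line)           # a new syslog record starts here
        else:
            records[-1] += " " + line      # wrapped tail of the previous record
    return records

def nat_table_alerts(lines, threshold=3):
    """Return (host, minute, count) where xlate failures reach the threshold.

    threshold=3 is an assumed value for this example, not a vendor figure.
    """
    buckets = Counter()
    for rec in join_wrapped(lines):
        m = RECORD.match(rec)
        if m and m.group("func") in XLATE_FUNCS:
            buckets[(m.group("host"), m.group("ts")[:-3])] += 1  # drop seconds
    return sorted((h, t, n) for (h, t), n in buckets.items() if n >= threshold)

# The first three records are the ones quoted in the post; the last two lines
# are constructed for this example (unrelated message, lone failure elsewhere).
SAMPLE = """\
>Mar 6 16:34:40 fw1_venus01 unix: FW-1: fw_init_xlation_tables:
>fw_xlate_set_tables failed
>Mar 6 16:34:40 fw1_venus01 unix: FW-1: fw_xlate_forw: failed to initialize the
>connection
>Mar 6 16:34:40 fw1_venus01 unix: FW-1: fw_xlate_set_tables: ld_set_wto to
>fwx_forw_tab
Mar 6 16:35:02 fw1_venus01 sshd[211]: Accepted password for admin
Mar 6 16:41:10 fw1_venus02 unix: FW-1: fw_xlate_forw: failed to initialize the connection
""".splitlines()

if __name__ == "__main__":
    for host, minute, count in nat_table_alerts(SAMPLE):
        print(f"{host} {minute}: {count} NAT table failures, check fw tab -t fwx_forw -s")
```
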