Checkpoint Firewall Error

Hi all,

I need some help over here. Recently I installed a Checkpoint Firewall version R55 with Hotfixes HFA15 on Windows 2000 Server. The Checkpoint Firewall is running stand-alone. After running for one week, it shows some errors in the Windows event viewer:

\\Device\\FW1, FW-1: fwconn_chain_get_something: fwconn_chain_l-->.
\\Device\\FW1, -->ookup failed (5).
\\Device\\FW1, ndis_allocate_buffer: failed to allocate 1445 by-->.
\\Device\\FW1, -->tes(0xc0000001).
\\Device\\FW1, ndis_packet_duplicate: failed to allocate buffer.
\\Device\\FW1, FW-1: one_packet_duplicate_if_needed(85ad130c): -->.
\\Device\\FW1, -->duplicate failed.
\\Device\\FW1, FW-1: one_cookie_put_data: failed to duplicate c-->.
\\Device\\FW1, -->ookie.
\\Device\\FW1, FW-1: cookie_put_data_at: failed to put one cookie.
\\Device\\FW1, FW-1: fw_xlate: cannot restore data in packet.
\\Device\\FW1, Error: FW-1 failed to generate the log record..
FW-1: stopping debug messages for the next 59 -->.
\\Device\\FW1, -->secon.
\\Device\\FW1, NDISWANIP.

Does anyone have any idea what the reason for this error is and what the solution is? These errors make my firewall hang for the whole night. After rebooting the machine, it works fine again.

I would appreciate your expert advice on this.

badraylaw

It sounds like you are handling more connections than the Connection Table can handle. Go into the Firewall object and look for "Capacity Planning"; by default it is set up for up to 25,000 connections. Double this to 50,000, and you'll see the memory allocation automatically adjust.

Wayne McGlinn Brisbane, Oz

Wayne

Wayne ( snipped-for-privacy@briz.oz) wrote:
: It sounds like you are handling more connections than the Connection Table
: can handle. Go into the Firewall object and look for "Capacity Planning", by
: default it is setup for up to 25,000 connections. Double this to 50,000,
: you'll see the memory allocation automatically adjust.

Actually it is more likely that the user is out of memory. When the connection table is exhausted sessions are simply dropped. The firewall will appear to be running fine, people with existing connections will see no problems but attempts to make new connections will fail.

The user needs to do a 'fw ctl pstat'. This will probably point out that one of the memory pools is exhausted.

However, your suggestion might well solve the issue since increasing the connection table does, as you pointed out, increase the automatic memory allocation.

Richard H. Miller, MCSE, CCSE+ Information Security Manager Information Technology Security and Compliance Information Technology - Baylor College of Medicine

: Wayne McGlinn
: Brisbane, Oz

: > I need some help over here, recently i just installed a Checkpoint
: > Firewall version R55 with Hotfixes HFA15 on windows 2000 Server. The
: > Checkpoint Firewall is running stand alone. After run for one week,
: > it show some errors in the windows event viewer,
: >
: > \\Device\\FW1, FW-1: fwconn_chain_get_something: fwconn_chain_l-->.
: > \\Device\\FW1, -->ookup failed (5).
: > \\Device\\FW1, ndis_allocate_buffer: failed to allocate 1445 by-->.
: > \\Device\\FW1, -->tes(0xc0000001).
: > \\Device\\FW1, ndis_packet_duplicate: failed to allocate buffer.
: > \\Device\\FW1, FW-1: one_packet_duplicate_if_needed(85ad130c): -->.
: > \\Device\\FW1, -->duplicate failed.
: > \\Device\\FW1, FW-1: one_cookie_put_data: failed to duplicate c-->.
: > \\Device\\FW1, -->ookie.
: > \\Device\\FW1, FW-1: cookie_put_data_at: failed to put one cookie.
: > \\Device\\FW1, FW-1: fw_xlate: cannot restore data in packet.
: > \\Device\\FW1, Error: FW-1 failed to generate the log record..
: > FW-1: stopping debug messages for the next 59 -->.
: > \\Device\\FW1, -->secon.
: >
: > \\Device\\FW1, NDISWANIP.
: >
: > Anyone have any idea what is the reason this error coming out and what
: > is the solution?
: > This errors make my firewall hang for whole night. After reboot the
: > machine, it is working fine again.
: >
: > I would appreciate to have your expert advise on this.
: >

Richard H. Miller
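
Added example (not part of any post in this thread): a small Python triage script that rejoins the split Event Viewer fragments quoted in the first post and separates buffer-allocation failures from the errors that follow them, which is the evidence behind the out-of-memory reading. It assumes that a trailing "-->" marks a message continued in the next entry, that a leading "-->" marks the continuation, and that the final "." of each entry is added by the viewer; the function names are hypothetical.

```python
import re
from collections import Counter

# Event text copied from the first post; the viewer split long messages at "-->".
SAMPLE = r"""
\\Device\\FW1, FW-1: fwconn_chain_get_something: fwconn_chain_l-->.
\\Device\\FW1, -->ookup failed (5).
\\Device\\FW1, ndis_allocate_buffer: failed to allocate 1445 by-->.
\\Device\\FW1, -->tes(0xc0000001).
\\Device\\FW1, ndis_packet_duplicate: failed to allocate buffer.
\\Device\\FW1, FW-1: one_packet_duplicate_if_needed(85ad130c): -->.
\\Device\\FW1, -->duplicate failed.
\\Device\\FW1, FW-1: one_cookie_put_data: failed to duplicate c-->.
\\Device\\FW1, -->ookie.
\\Device\\FW1, FW-1: cookie_put_data_at: failed to put one cookie.
\\Device\\FW1, FW-1: fw_xlate: cannot restore data in packet.
\\Device\\FW1, Error: FW-1 failed to generate the log record..
FW-1: stopping debug messages for the next 59 -->.
\\Device\\FW1, -->secon.
\\Device\\FW1, NDISWANIP.
""".strip().splitlines()

PREFIX = re.compile(r"^\\+Device\\+FW1,\s*")   # event source, 1 or 2 backslashes
ALLOC = re.compile(r"(\w+): failed to allocate (\d+) bytes\((0x[0-9a-fA-F]+)\)")

def reassemble(lines):
    """Join '-->' head/tail fragments back into whole driver messages."""
    messages, pending = [], ""
    for raw in lines:
        text = PREFIX.sub("", raw.strip())
        text = text[:-1] if text.endswith(".") else text  # assumed viewer-added "."
        if text.startswith("-->"):       # tail: glue it onto the open head
            text = pending + text[3:]
        elif pending:                    # head that never got its tail: keep it
            messages.append(pending)
        pending = ""
        if text.endswith("-->"):         # head: hold it until the tail arrives
            pending = text[:-3]
        elif text:
            messages.append(text)
    return messages + ([pending] if pending else [])

def kind(msg):
    if "failed to allocate" in msg:
        return "allocation"              # the memory-exhaustion signal itself
    return "downstream" if ("failed" in msg or "cannot" in msg) else "other"

def classify(messages):
    return Counter(kind(m) for m in messages)

def alloc_requests(messages):
    """(function, bytes requested, status) for each sized allocation failure."""
    return [(f, int(n), s) for f, n, s in ALLOC.findall("\n".join(messages))]
```

Without the rejoin step the 1445-byte allocation failure is invisible to a search, because "bytes" is split across two entries.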
