Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Internet Goes Down after a while

Status
Not open for further replies.
Legions

Legions

MIS
Feb 10, 2003
37
0
0
US
Been having an intermitten problem with our access to the Internet only. The internal LAN is not effected at all. It seems the firewall is trying to write to the Host_table and is failing. After several thousand retries it stops trying and access to the internet goes by by.

Just rebooting the Firewall/VPN/Router Combo (Nokia Checkpoint) - resets this problem for about 4 - 15 hours depending on internet usage.

Can anyone take a quick look at this log, I'm not a network expert and I'm a little timid when tampering with the settings:

10-23-2003 13:03:59 Kernel.Critical 192.168.1.1 Oct 23 12:25:42 [LOG_CRIT] kernel: FW-1: cannot list internal hosts
10-23-2003 13:03:59 Kernel.Critical 192.168.1.1 Oct 23 12:25:42 [LOG_CRIT] kernel: .
10-23-2003 13:03:59 Kernel.Critical 192.168.1.1 Oct 23 12:25:42 [LOG_CRIT] kernel: FW-1: too many internal hosts (2730) detectedFW-1: h_getvals: fw_kmalloc (371280) failed
10-23-2003 13:01:52 Kernel.Critical 192.168.1.1 Oct 23 12:23:35 [LOG_CRIT] kernel: FW-1: cannot list internal hosts
10-23-2003 13:01:52 Kernel.Critical 192.168.1.1 Oct 23 12:23:35 [LOG_CRIT] kernel: .
10-23-2003 13:01:52 Kernel.Critical 192.168.1.1 Oct 23 12:23:35 [LOG_CRIT] kernel: FW-1: too many internal hosts (2654) detectedFW-1: h_getvals: fw_kmalloc (360944) failed
10-23-2003 12:59:45 Kernel.Critical 192.168.1.1 Oct 23 12:21:28 [LOG_CRIT] kernel: FW-1: cannot list internal hosts
10-23-2003 12:59:45 Kernel.Critical 192.168.1.1 Oct 23 12:21:28 [LOG_CRIT] kernel: .
10-23-2003 12:59:45 Kernel.Critical 192.168.1.1 Oct 23 12:21:28 [LOG_CRIT] kernel: FW-1: too many internal hosts (2227) detectedFW-1: h_getvals: fw_kmalloc (302872) failed
10-23-2003 12:58:12 Kernel.Critical 192.168.1.1 Oct 23 12:19:55 [LOG_CRIT] kernel: ll-1 reseller.
10-23-2003 12:58:12 Kernel.Critical 192.168.1.1 Oct 23 12:19:55 [LOG_CRIT] kernel: 9.170.59, 202.50.90.9, 198.81.16.102, 61.195.216.15, 202.53.52.14, 211.107.31.73, 210.226.2.193, 61.31.192.211, 216.109.118.68, 64.81.87.227, 216.109.118.71, 218.163.178.139, 218.47.158.6, 202.224.64.217, 64.119.221.196, 150.99.198.6, 128.2.10.113, 218.47.158.1, 67.250.128.77, 216.109.118.65, 202.67.88.125, 216.109.118.64, 65.114.0.198, 207.68.177.126, 65.114.0.197, 211.223.43.250, 61.111.146.164, 211.55.245.19, 211.6.71.34, 202.62.88.3, 218.160.10.141, 202.62.86.3, 211.61.83.22, 216.109.118.77, 208.172.0.132, 128.11.22.115, 219.160.13.130, 216.109.118.76, 65.178.254.10, 219.163.201.129, 211.105.85.67, 128.11.22.114, 128.2.120.123, 195.83.241.106, 202.220.200.236, 211.104.171.65, 202.228.192.212, 218.38.18.6, 140.209.182.167, 10.254.251.14, 150.99.38.15, 65.177.62.10, 128.11.22.113, 209.167.89.141, 216.109.118.78, 218.159.48.190, 128.11.22.112, 216.109.118.73, 202.160.128.150, 61.62.138.254, 61.216.116.24, 66.39.101.155, 65.224.232.94, 218.112.134.85, 128.11.20.116, 211.1
10-23-2003 12:58:12 Kernel.Critical 192.168.1.1 Oct 23 12:19:55 [LOG_CRIT] kernel: 228.58.174, 211.105.211.97, 211.230.215.233, 207.46.245.61, 220.124.84.125, 207.46.245.60, 210.241.130.254, 202.237.168.250, 220.123.156.122, 218.231.178.227, 203.228.29.241, 61.204.112.46, 218.104.200.82, 65.54.254.151, 210.200.96.251, 220.84.28.105, 200.101.232.76, 211.38.155.20, 216.136.232.177, 61.76.250.147, 202.220.198.245, 220.80.150.111, 61.192.40.30, 211.132.147.179, 220.73.62.113, 218.222.12.224, 219.124.47.66, 218.225.126.222, 128.11.22.110, 210.53.106.1, 211.35.241.22, 202.58.130.22, 128.11.20.109, 65.239.0.73, 210.252.168.198, 151.193.165.190, 211.44.147.23, 128.11.22.99, 202.130.158.161, 65.54.140.158, 128.11.22.98, 220.87.12.97, 61.225.66.54, 12.160.191.70, 206.46.170.10, 128.11.22.97, 128.11.22.96, 63.146.76.65, 202.239.116.201, 218.230.126.208, 128.11.42.103, 128.2.198.110, 216.109.126.88, 128.2.10.111, 211.192.9.253, 61.62.148.237, 210.172.78.144, 61.109.44.190, 162.93.206.17, 202.63.104.27, 64.33.65.143, 128.8.140.102, 63.170.238.122, 154.33.58.84, 61.1
10-23-2003 12:58:12 Kernel.Critical 192.168.1.1 Oct 23 12:19:55 [LOG_CRIT] kernel: 89.193, 218.43.254.54, 63.80.128.168, 66.32.101.165, 64.218.31.93, 216.168.230.183, 211.105.211.114, 205.188.145.185, 205.188.145.184, 211.107.31.113, 61.215.30.32, 203.70.217.71, 210.210.10.202, 211.35.241.58, 218.48.188.32, 219.248.143.233, 211.195.137.219, 218.45.0.60, 203.27.93.27, 61.230.180.16, 210.224.162.254, 194.159.36.145, 128.8.10.68, 128.2.116.78, 128.11.18.70, 128.6.22.75, 218.122.134.110, 211.202.123.215, 216.136.224.158, 210.94.24.66, 128.6.72.72, 134.75.20.2, 61.215.244.37, 61.84.74.166, 202.178.152.183, 128.8.10.71, 202.224.64.250, 218.140.222.134, 128.11.22.91, 220.73.212.68, 128.11.22.90, 128.2.52.83, 211.54.183.55, 218.158.170.150, 63.205.4.32, 209.113.159.114, 128.11.22.89, 219.161.159.169, 202.83.68.74, 168.95.42.36, 63.241.204.29, 63.236.66.7, 128.11.22.95, 128.2.10.86, 172.17.0.104, 211.0.203.6, 128.2.10.87, 203.33.165.60, 168.95.42.33, 221.148.91.158, 61.196.150.46, 128.2.10.85, 210.244.194.254, 202.224.64.242, 128.8.128.80, 218.230.66.229, 139.17
10-23-2003 12:58:12 Kernel.Critical 192.168.1.1 Oct 23 12:19:55 [LOG_CRIT] kernel: 17, 202.81.160.53, 218.43.108.95, 128.6.8.40, 210.175.192.210, 211.106.153.22, 61.204.128.65, 211.105.211.10, 65.238.0.30, 207.68.185.58, 211.222.13.188, 64.164.37.86, 202.126.224.6, 128.11.42.56, 129.33.105.20, 61.231.76.110, 128.11.42.63, 220.85.16.60, 211.200.43.174, 202.13.196.114, 211.229.133.131, 203.31.83.97, 65.238.0.25, 220.83.52.57, 128.11.42.61, 128.6.54.49, 202.158.2.236, 128.8.90.48, 202.239.112.156, 67.195.0.57, 202.145.80.226, 128.6.126.63, 211.75.145.34, 218.146.140.242, 65.117.100.142, 210.130.108.235, 128.8.202.51, 203.102.39.17, 172.17.2.1, 218.100.0.2, 128.11.42.55, 210.113.170.30, 203.228.1.146, 194.247.166.136, 211.200.193.166, 10.254.251.74, 210.175.224.194, 209.123.87.21, 218.156.242.134, 128.6.198.70, 211.1.69.19, 61.222.238.33, 172.24.0.118, 216.109.124.119, 211.221.207.204, 211.198.215.214, 128.6.14.69, 202.30.26.16, 202.225.52.239, 210.252.176.234, 211.134.227.144, 211.0.205.22, 211.4.167.18, 198.31.62.28, 218.163.90.191, 202.9.64.5, 211.104.21
10-23-2003 12:56:01 Kernel.Critical 192.168.1.1 Oct 23 12:17:44 [LOG_CRIT] kernel: ll-1 reseller.
10-23-2003 12:56:01 Kernel.Critical 192.168.1.1 Oct 23 12:17:44 [LOG_CRIT] kernel: 128.11.20.109, 65.239.0.73, 211.44.147.23, 128.11.22.99, 202.130.158.161, 65.54.140.158, 128.11.22.98, 12.160.191.70, 206.46.170.10, 128.11.22.97, 128.11.22.96, 128.11.42.103, 128.2.198.110, 216.109.126.88, 128.2.10.111, 210.172.78.144, 61.109.44.190, 162.93.206.17, 202.63.104.27, 64.33.65.143, 128.8.140.102, 154.33.58.84, 61.115.250.161, 216.19.170.59, 211.107.31.73, 210.226.2.193, 61.31.192.211, 216.109.118.68, 218.163.178.139, 64.119.221.196, 150.99.198.6, 128.2.10.113, 216.109.118.65, 202.67.88.125, 65.114.0.198, 207.68.177.126, 65.114.0.197, 211.223.43.250, 61.111.146.164, 202.62.88.3, 218.160.10.141, 202.62.86.3, 208.172.0.132, 128.11.22.115, 216.109.118.76, 65.178.254.10, 219.163.201.129, 211.105.85.67, 128.11.22.114, 128.2.120.123, 218.38.18.6, 140.209.182.167, 10.254.251.14, 150.99.38.15, 65.177.62.10, 128.11.22.113, 209.167.89.141, 216.109.118.78, 218.159.48.190, 128.11.22.112, 202.160.128.150, 61.216.116.24, 66.39.101.155, 218.112.134.85, 128.11.20.116, 202.22
10-23-2003 12:56:01 Kernel.Critical 192.168.1.1 Oct 23 12:17:44 [LOG_CRIT] kernel: 216.109.124.119, 211.221.207.204, 128.6.14.69, 202.30.26.16, 202.225.52.239, 210.252.176.234, 198.31.62.28, 202.9.64.5, 211.104.219.125, 211.129.63.148, 207.200.89.193, 66.32.101.165, 64.218.31.93, 216.168.230.183, 211.107.31.113, 211.35.241.58, 218.48.188.32, 219.248.143.233, 61.230.180.16, 194.159.36.145, 128.8.10.68, 128.2.116.78, 128.11.18.70, 128.6.22.75, 210.94.24.66, 128.6.72.72, 202.178.152.183, 128.8.10.71, 202.224.64.250, 218.140.222.134, 128.11.22.91, 220.73.212.68, 128.11.22.90, 128.2.52.83, 63.205.4.32, 209.113.159.114, 128.11.22.89, 168.95.42.36, 63.241.204.29, 63.236.66.7, 128.11.22.95, 128.2.10.86, 211.0.203.6, 128.2.10.87, 61.196.150.46, 128.2.10.85, 202.224.64.242, 128.8.128.80, 218.230.66.229, 144.228.58.174, 211.105.211.97, 207.46.245.61, 220.123.156.122, 203.228.29.241, 61.204.112.46, 65.54.254.151, 211.38.155.20, 216.136.232.177, 61.76.250.147, 220.80.150.111, 61.192.40.30, 220.73.62.113, 218.222.12.224, 219.124.47.66, 218.225.126.222, 128.11.22.110
10-23-2003 12:56:01 Kernel.Critical 192.168.1.1 Oct 23 12:17:44 [LOG_CRIT] kernel: 69, 128.9.176.20, 128.6.4.27, 216.74.132.12, 216.33.244.103, 208.169.18.230, 61.126.24.220, 128.11.18.20, 218.238.158.149, 128.11.28.42, 220.214.116.168, 198.71.74.34, 220.117.142.10, 203.121.17.17, 216.109.126.22, 218.148.102.237, 61.116.130.237, 128.6.180.34, 220.106.204.19, 211.208.141.165, 218.112.126.2, 128.8.132.32, 194.81.56.58, 128.8.202.33, 210.94.24.38, 218.164.96.213, 205.162.51.196, 65.92.190.177, 210.54.60.73, 128.6.228.43, 203.116.9.17, 202.81.160.53, 218.43.108.95, 128.6.8.40, 210.175.192.210, 211.106.153.22, 61.204.128.65, 211.105.211.10, 207.68.185.58, 211.222.13.188, 64.164.37.86, 202.126.224.6, 128.11.42.56, 129.33.105.20, 61.231.76.110, 128.11.42.63, 211.200.43.174, 202.13.196.114, 211.229.133.131, 203.31.83.97, 65.238.0.25, 220.83.52.57, 128.11.42.61, 128.6.54.49, 202.158.2.236, 128.8.90.48, 202.145.80.226, 128.6.126.63, 65.117.100.142, 128.8.202.51, 172.17.2.1, 218.100.0.2, 128.11.42.55, 203.228.1.146, 194.247.166.136, 211.200.193.166, 209.123.87.21,
10-23-2003 12:56:01 Kernel.Critical 192.168.1.1 Oct 23 12:17:44 [LOG_CRIT] kernel: 6.236.5, 128.6.4.5, 66.201.161.15, 128.11.44.15, 128.11.20.15, 128.11.20.14, 61.202.34.112, 202.163.224.225, 220.106.122.62, 210.80.38.10, 205.188.165.249, 206.24.190.94, 218.218.76.137, 128.8.120.1, 128.2.194.11, 128.6.4.12, 206.24.190.93, 128.6.70.13, 67.192.48.15, 203.181.97.242, 61.76.106.253, 128.6.238.10, 61.4.138.180, 128.6.180.11, 128.6.72.11, 218.225.0.181, 220.127.108.45, 128.9.32.7, 128.9.0.7, 128.4.40.10, 65.54.192.248, 219.126.147.42, 128.6.10.9, 128.6.70.23, 220.84.230.26, 196.7.86.81, 218.122.218.50, 211.28.119.93, 128.9.160.27, 128.6.4.20, 218.150.8.223, 128.11.42.24, 128.6.10.21, 210.222.114.152, 192.168.0.253, 210.139.60.204, 218.149.10.218, 128.11.22.30, 128.11.20.30, 128.11.18.30, 64.226.187.52, 65.223.248.8, 137.39.5.56, 128.2.148.20, 202.89.168.4, 172.158.38.170, 218.112.110.50, 216.226.54.162, 205.188.179.233, 216.74.132.11, 211.196.23.142, 128.11.44.18, 202.145.0.193, 220.117.74.51, 128.11.44.17, 202.69.80.20, 64.12.151.215, 128.11.44.16, 128.6.4.2
10-23-2003 12:53:47 Kernel.Critical 192.168.1.1 Oct 23 12:15:30 [LOG_CRIT] kernel: ll-1 reseller.
10-23-2003 12:53:47 Kernel.Critical 192.168.1.1 Oct 23 12:15:30 [LOG_CRIT] kernel: .70.13, 128.6.238.10, 128.6.180.11, 128.6.72.11, 128.9.32.7, 128.9.0.7, 128.4.40.10, 128.6.10.9, 128.6.70.23, 128.9.160.27, 128.6.4.20, 128.11.42.24, 128.6.10.21, 128.11.22.30, 128.11.20.30, 128.11.18.30, 128.2.148.20, 128.11.44.18, 128.11.44.17, 128.11.44.16, 128.6.4.29, 128.9.176.20, 128.6.4.27, 128.11.18.20, 128.11.28.42, 128.6.180.34, 128.8.132.32, 128.8.202.33, 128.6.228.43, 128.6.8.40, 128.11.42.56, 128.11.42.63, 128.11.42.61, 128.6.54.49, 128.8.90.48, 128.6.126.63, 128.8.202.51, 128.11.42.55, 128.6.198.70, 128.6.14.69, 128.8.10.68, 128.2.116.78, 128.11.18.70, 128.6.22.75, 128.6.72.72, 128.8.10.71, 128.11.22.91, 128.11.22.90, 128.2.52.83, 128.11.22.89, 128.11.22.95, 128.2.10.86, 128.2.10.87, 128.2.10.85, 128.8.128.80, 128.11.22.110, 128.11.20.109, 128.11.22.99, 128.11.22.98, 128.11.22.97, 128.11.22.96, 128.11.42.103, 128.2.198.110, 128.2.10.111, 128.8.140.102, 128.2.10.113, 128.11.22.115, 128.11.22.114, 128.2.120.123, 128.11.22.113, 128.11.22.112, 128.11.20.116, 192
10-23-2003 12:53:47 Kernel.Critical 192.168.1.1 Oct 23 12:15:30 [LOG_CRIT] kernel: 11.19.100, 128.11.23.123, 128.6.41.118, 128.11.23.122, 128.10.7.123, 128.11.23.121, 128.11.41.120, 128.11.23.120, 128.11.23.124, 128.11.45.117, 128.11.40.139, 128.11.18.138, 128.9.128.136, 128.2.136.131, 128.11.40.136, 128.6.194.130, 128.6.216.131, 128.6.204.131, 128.11.18.141, 128.11.18.140, 128.8.10.143, 128.6.16.140, 128.11.40.133, 128.6.216.147, 128.6.216.144, 128.11.40.146, 128.2.242.152, 128.11.42.150, 128.2.4.160, 128.8.44.172, 128.8.128.160, 128.11.42.167, 128.8.10.166, 128.6.222.169, 128.11.10.184, 128.8.10.188, 128.8.10.189, 128.2.60.180, 128.11.18.188, 128.11.16.177, 128.2.120.184, 128.11.10.176, 128.2.88.185, 128.11.10.182, 128.8.120.203, 128.8.10.203, 128.3.2.199, 128.11.40.193, 128.2.244.200, 128.11.42.196, 128.11.42.219, 128.8.90.214, 128.8.44.237, 128.8.10.224, 128.2.16.235, 128.6.72.254, 128.11.44.11, 128.11.20.9, 128.6.54.4, 128.6.10.4, 128.11.20.8, 128.10.252.9, 128.6.238.5, 128.6.236.5, 128.6.4.5, 128.11.44.15, 128.11.20.15, 128.11.20.14, 128.8.120.1,
10-23-2003 12:53:47 Kernel.Critical 192.168.1.1 Oct 23 12:15:30 [LOG_CRIT] kernel: 128.6.25.4, 128.6.3.5, 128.11.3.15, 128.6.209.2, 128.6.13.3, 128.11.17.13, 128.6.165.15, 128.11.3.27, 128.11.19.26, 128.11.3.26, 128.1.1.19, 128.11.3.30, 128.8.59.29, 128.11.19.29, 128.8.135.30, 128.6.75.16, 128.11.19.28, 128.11.3.28, 128.6.141.17, 128.11.11.18, 128.8.111.21, 128.6.53.27, 128.11.3.21, 128.10.19.20, 128.3.13.28, 128.8.111.42, 128.11.45.40, 128.6.165.34, 128.11.3.35, 128.2.11.43, 128.11.3.32, 128.11.23.38, 128.2.11.44, 128.11.19.36, 128.11.25.59, 128.11.19.59, 128.3.7.51, 128.11.25.57, 128.11.3.57, 128.6.19.52, 128.11.21.63, 128.6.3.51, 128.11.23.61, 207.134.164.254, 128.11.23.51, 128.11.19.51, 128.11.23.50, 128.11.23.54, 128.11.23.53, 128.11.23.52, 128.6.33.70, 128.3.21.65, 128.11.23.67, 128.11.19.67, 128.11.19.66, 128.11.19.65, 128.11.19.64, 128.11.19.71, 128.11.19.70, 128.11.3.70, 128.2.209.79, 128.11.19.68, 128.11.19.88, 128.11.41.82, 128.11.19.81, 128.11.11.81, 128.11.41.106, 128.11.19.106, 128.6.141.100, 128.11.45.110, 128.11.45.108, 128.2.53.105, 128
10-23-2003 12:53:47 Kernel.Critical 192.168.1.1 Oct 23 12:15:30 [LOG_CRIT] kernel: 1.158, 128.11.19.171, 128.11.19.168, 128.11.19.175, 128.11.19.173, 128.11.19.163, 192.168.1.65, 128.11.41.162, 128.2.203.171, 128.11.41.160, 128.2.193.169, 128.11.19.167, 128.11.19.166, 128.11.19.165, 128.11.19.164, 128.11.19.186, 128.2.203.179, 128.11.23.184, 128.11.23.190, 128.11.19.188, 128.11.23.179, 128.6.21.190, 128.11.19.177, 128.11.19.176, 128.11.23.183, 128.11.19.183, 128.8.187.180, 128.2.59.190, 128.11.23.182, 128.11.23.181, 128.3.129.189, 128.11.23.180, 128.11.19.180, 128.11.19.207, 128.11.19.206, 128.11.19.205, 128.11.19.204, 128.11.23.197, 128.3.11.204, 128.11.19.219, 128.11.19.218, 128.11.19.217, 128.2.191.208, 128.11.19.216, 128.6.223.210, 128.6.223.211, 128.11.11.220, 128.11.19.211, 128.11.19.210, 128.11.19.209, 128.11.19.208, 128.6.67.221, 128.11.19.215, 128.11.19.214, 128.11.11.214, 128.11.19.213, 128.11.19.212, 128.11.23.235, 128.11.19.235, 128.11.23.239, 128.11.19.238, 128.11.19.237, 128.11.19.236, 128.11.11.226, 128.11.11.230, 128.11.11.229, 128.11.23
10-23-2003 12:48:50 Kernel.Critical 192.168.1.1 Oct 23 12:10:02 last message repeated 976 times
10-23-2003 12:47:48 Kernel.Critical 192.168.1.1 Oct 23 12:09:31 [LOG_CRIT] kernel: FW-1: cannot write to host_table
10-23-2003 12:47:48 Kernel.Critical 192.168.1.1 Oct 23 12:09:27 [LOG_CRIT] kernel: not write to host_table
10-23-2003 12:47:48 Kernel.Critical 192.168.1.1 Oct 23 12:09:27 last message repeated 121 times
10-23-2003 12:47:44 Kernel.Critical 192.168.1.1 Oct 23 12:08:39 [LOG_CRIT] kernel: FW-1: cannot write to host_table
10-23-2003 12:46:56 Kernel.Critical 192.168.1.1 Oct 23 12:07:44 [LOG_CRIT] kernel: FW-1: cannot write to host_table
10-23-2003 12:46:01 Kernel.Critical 192.168.1.1 Oct 23 12:06:22 [LOG_CRIT] kernel: not write to host_table
10-23-2003 12:46:01 Kernel.Critical 192.168.1.1 Oct 23 12:06:22 last message repeated 121 times
10-23-2003 12:44:39 Kernel.Critical 192.168.1.1 Oct 23 12:05:44 [LOG_CRIT] kernel: FW-1: cannot write to host_table
10-23-2003 12:44:01 Kernel.Critical 192.168.1.1 Oct 23 12:04:00 [LOG_CRIT] kernel: FW-1: cannot write to host_table
10-23-2003 12:42:17 Kernel.Critical 192.168.1.1 Oct 23 12:02:59 [LOG_CRIT] kernel: not write to host_table
10-23-2003 12:42:17 Kernel.Critical 192.168.1.1 Oct 23 12:02:59 last message repeated 121 times
10-23-2003 12:41:16 Kernel.Critical 192.168.1.1 Oct 23 12:01:26 [LOG_CRIT] kernel: FW-1: cannot write to host_table
10-23-2003 12:39:43 Kernel.Critical 192.168.1.1 Oct 23 12:00:47 [LOG_CRIT] kernel: FW-1: cannot write to host_table
10-23-2003 12:39:04 Kernel.Critical 192.168.1.1 Oct 23 11:59:59 [LOG_CRIT] kernel: not write to host_table
10-23-2003 12:39:04 Kernel.Critical 192.168.1.1 Oct 23 11:59:59 last message repeated 6 times
 
Sort by date Sort by votes
what version of ipso are you using?
we had a problem quite like this when runing fp3 & fp2 on 3.51 it cleared when we went to 3.7 and CP hfa317 this was on a clean install and with the exact same config on an NT install worked fine. but on the nokia shut down usualy just after 9 or mid afternoon (peek internet access times)
 
Upvote 0 Downvote
WOW, we are running fp3.2.1

I'm a newb firewall person. I logged into the firewall via TELNET and tried to clear the log manually but it only fixed it temporarily. The log filled back up and the Internet was down.

Anyone have a newb guide to upgrade to 3.51 they could loan me :)

 
Upvote 0 Downvote
oops sorry got yhe wrong end of the stick (just looked at the log)

it looks like your firewall is misconfigured or your licence has too few hosts

Checkpoint sells licencees in 100,250,500, unlimited forms and this is the number of internal IP addresses it will allow (it gives 10% leeway) once you excede that your logs will fill up with the above messages (and will slow the firewall to a crawl as it is too busy writing logs)

in checkpoint dashboard look for the firewall object then look at its topology
check the interface labels
make sure internal networks are marked as internal and external networks are marked as external.


p.s. the 3.51 and 3.7 i was talking about were the IPSO versions (Nokias Operating system)
 
Upvote 0 Downvote
Piloria,

First, I'm not sure how many license IP's I have for this firewall. I can't find the previous IS Manager's information on it, so I'm running blind.

Second, the log keeps saying that TOO many Internal Hosts (2000). This number keeps going up and up and up, until it hits above (25,000) where it crashes my Firewall.

I think something is telling my firewall that I have thousands of IP's when I only have around 100 - 150.

I logged in via Telnet and tried to find the Internal Host file to clear it or look at it, but I have no idea where it is or how to clear it (besides deleting it).

I deleted the Host Table with: fw tab -t host_table -x

When I did a: fw tab -t Host_table -s

it said I had like 25,000 Entry Hosts?? so when I deleted the table and reset it, things worked fine..

I read that there is some way to clear the internal host area with $FWDIR/database/fwd.h and fwd.hosts

But I have no clue how to get to those files, looked around in the directories and couldn't seem to find anything that resembled that.

I do have this file named FW.ELG that is absolutely huge like 400 megs? No idea what that file is either LOL

Any help is greatly appreciated!

 
Upvote 0 Downvote
10-24-2003 11:17:05 Kernel.Critical 192.168.1.1 Oct 24 10:38:47 [LOG_CRIT] kernel: FW-1: cannot list internal hosts
10-24-2003 11:17:05 Kernel.Critical 192.168.1.1 Oct 24 10:38:47 [LOG_CRIT] kernel: .
10-24-2003 11:17:05 Kernel.Critical 192.168.1.1 Oct 24 10:38:47 [LOG_CRIT] kernel: FW-1: too many internal hosts (15811) detectedFW-1: h_getvals: fw_kmalloc (2150296) failed

Here is the latest errors message, since our internet is going to crash soon and I probably wont be able to check it until I recycle the Firewall.

 
Upvote 0 Downvote
fw.elg i beleve is the firewal error log

It looks like your firewall has its external interface registered as an internal interface (so it thinks all internet addresses are on its internal network)
see my post above to check the topology settings in cp dashboard

to clear the files
cpstop
cd $FWDIR
cd database
rm fwd.h
rm fwd.hosts
cpstart
fw tab -t host_table -x.

Note - the $FWDIR will take you to the current firewall directory
 
Upvote 0 Downvote
Thank, I was able to delete the FWD.h and fwd.hosts file.. but the problem is that it stills thinks all external addresses that hit it are internal...

I'm not sure how to get into the CP dashboard? Do you mean the webinterface for the Firewall?

I'm looking around now for a configuration that allows you to change from External/internal, but so far no luck.

Meanwhile the host_table is filling up again.

 
Upvote 0 Downvote
the dashboard is the name (fp2 and up) that the policy editor is now called (the interface you use to change firewall rules)
What Nokia box are you using?
 
Upvote 0 Downvote
Thanks Piloria, we actually found the problem. Our External.f file had the wrong port in it. Was tracking internet traffic as Internal. What a mess LOL

Your advice was a life saver - or gray hair saver

 
Upvote 0 Downvote
Are you shure that you linked the license file to the Internal interface and not to the external IF????
The message is that you're license does not cover all the ip and drop randomly the packets (THANKS CHECKPOINT!!!).
After the firewall stop and start (Each 4 minutes??)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
140
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
AnyConnect + Azure + SAML
Replies
0
Views
98
Sparrow4
Sparrow4
quar
  • Locked
  • Question
Moving a rule
Replies
2
Views
60
iggsterman
iggsterman
quar
  • Locked
  • Question
Moving a rule
Replies
0
Views
32
quar
quar
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
139
Johnkite
Johnkite

Part and Inventory Search

Sponsor

Back
Top