Members Login
Username 
 
Password 
    Remember Me  
FireWall-1 Gurus Forum -> FireWall-1 Gurus Forum -> NAT Table Fills up
Post Info TOPIC: NAT Table Fills up
Alex Brown


Status: Offline
Posts: 3
Date:
NAT Table Fills up
Permalink  

We have FW-1 NG on Nokia IPSO.  The limit has been increased to 50000 but we are still running out of NAT addresses.  What is causing this and will reducing the TCP timeout help if the cause is current sessions not ending correctly?  Where/how do we look to see what IP addresses are being NATed in the stateful table?
Thanks

__________________
nox


Status: Offline
Posts: 9
Date:
Permalink  

You are most likely going to need something like fwmonitor

Include the iI for before the kernel and the oO for after I would think

tcpdump

This sounds like the addresses are not being released quick enough / properly into your pool.

__________________
RoxcoR Technologies www.pheusion.com Security / Cryptography / Application development
cosmicv


Status: Offline
Posts: 12
Date:
Permalink  

Download the Advanced Technical Reference Guide from their support site. Its got an entire section on disecting the state tables and LOTS more.

__________________
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.
FireWall-1 Gurus Forum -> FireWall-1 Gurus Forum -> NAT Table Fills up
Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse 		Powered by ActiveBoard