FW-1 slowdown

["Cannella, Michael (ISS Southfield)" <mcannell () iss net>]

> From: Ray Zupancic [mailto:rzupancic () corp webb net] Monday, January 17,
2000 6:50 PM
> I inherited a network with a Checkpoint 4.0 FW-1 on an Ultra5 running
> Solaris 2.6 with 128 megs of ram.  Originally it was two 
> identical systems
> clustered with Veritas Firstwatch
>
> In any case, this system mysteriously slows to a crawl and 
> stops processing traffic at random times of the day--usually
> up to 10 minutes or so--and then resumes without intervention.
> The only thing I can see is that the system usage goes to 100, 
> and the run queue skyrockets due to this (there is not process running
> away, it seems to be kernel).


Do you have any network objects of type "domain?"

Because the firewall relies on DNS to resolve these objects, any funniness
with DNS can cause random erratic performance.  Best advice is to avoid them
completely.  If you can't (you probably could if you tried), make sure
domain object rules are at the bottom of the rulebase.


It's one idea....

-----michael cannella  mailto:mcannella () iss net
-----Internet Security Systems, eServices
-----http://www.iss.net/