RE: Sonicwall DMZ cache full?
Had the same problem just a couple weeks ago. Indeed, Sonic does have a limit
(2048) on how many simultaneous connections (read: high port nos.) it uses
for PAT.
Turned out the problem was an SMTP daemon on a machine that was using PAT to
send outgoing mail. It services 300 users, sending mail instantaneously when
requested by users. However, it would open a TCP connection to relay mail
for each message, not to mention doing POP mail collection from ISP.... all
using PAT. My mistake. The result: this one machine had the bulk of high
ports open, not many other ports available for users' PAT sessions.
Solved the problem by making 1-1 NAT for this one machine (SMTP/POP only).
Problem is likely similar in that one or more hosts are taking up the bulk
of connections. Your Sonic logs should give you a clue...
-Shawn
-----Original Message-----
From: Eric Carr [mailto:eric.carr@gul.no]
Sent: Tuesday, July 18, 2000 3:01 AM
To: Firewalls@Lists.GNAC.NET
Subject: Sonicwall DMZ cache full?
Hi all,
For some reason, after about 2 days uptime, my Sonicwall DMZ log starts
filling up with "The cache is full; over 2048 simultaneous connections; some
will be dropped" error messages, which of course makes our
connection-test-scripts flood us with error-report emails.
Has anyone got an idea why "the cache is filled up"? The load on the
firewall is minimal at this time, but still..
I'm running firmware v5.0.0 (most recent)...
Regards,
Eric
-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]
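An added example, not part of either message above: a per-host tally of PAT slots against the 2048-connection limit quoted in the thread, broken down by destination port so that a mail host relaying over SMTP (25) and collecting over POP (110) stands out. The one-line-per-connection input format, the addresses and the function names are constructed for illustration; this is not SonicWall's log format.

```python
from collections import Counter, defaultdict

PAT_LIMIT = 2048  # simultaneous-connection limit quoted in the thread

def parse(line):
    """Parse 'tcp 10.0.0.5:40001 -> 192.0.2.10:25' (constructed format)."""
    proto, src, arrow, dst = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected entry: {line!r}")
    src_ip, _ = src.rsplit(":", 1)
    _, dst_port = dst.rsplit(":", 1)
    return src_ip, int(dst_port)

def pat_usage(lines, limit=PAT_LIMIT):
    """Return [(host, slots, share_of_limit, {dst_port: slots})], busiest first."""
    per_host = Counter()
    per_host_ports = defaultdict(Counter)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        host, dport = parse(line)
        per_host[host] += 1
        per_host_ports[host][dport] += 1
    return [(h, n, n / limit, dict(per_host_ports[h]))
            for h, n in per_host.most_common()]

def heavy_hosts(lines, threshold=0.5, limit=PAT_LIMIT):
    """Hosts holding at least `threshold` of the PAT table: 1-1 NAT candidates."""
    return [h for h, _, share, _ in pat_usage(lines, limit) if share >= threshold]

def sample_table():
    """Constructed snapshot: one mail host plus 40 ordinary clients."""
    rows = [f"tcp 10.0.0.5:{20000 + i} -> 192.0.2.10:25" for i in range(1200)]
    rows += [f"tcp 10.0.0.5:{30000 + i} -> 192.0.2.20:110" for i in range(300)]
    for c in range(40):
        rows += [f"tcp 10.0.1.{c + 10}:{40000 + i} -> 198.51.100.7:80"
                 for i in range(10)]
    return rows

if __name__ == "__main__":
    rows = sample_table()
    print(f"{len(rows)} of {PAT_LIMIT} slots in use")
    for host, n, share, ports in pat_usage(rows)[:3]:
        print(f"{host:12} {n:5} slots ({share:.0%} of limit) by dst port {ports}")
    print("1-1 NAT candidates:", heavy_hosts(rows))
```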