Sessions, virtual memory & crashing 32-bit O.S. firewalls

From: Stout, William (StoutW@pioneer-standard.com)
Date: Wed Apr 29 1998 - 10:55:31 PDT

Next message: Randy Taylor: "RE: Lloyds to offer hacker insurance"

Previous message: Bennett Todd: "How do we do our job? (was Re: Network Security Certification)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've run into a issue where firewall locked up and crashed because of a
high number of sessions (Firewall-1 v3.1 on Solaris 2.5).  

I've recently run into an Intranet FW issue where SunRPC session ttl
value (across the firewall) was set to 12hrs, and the firewall locked up
& crashed after 6 hours (Network-1 on NT).  

I've heard a unsubstantiated rumour (customer says Network-1 tech
support told him) that file transfers >1.3GB across an NT firewall will
cause it to lock & crash.  NT addresses up to 4GB virtual memory,
allocates 2GB to applications and 2GB to the O.S..

All are memory related, specifically the firewalls run out of virtual
memory.  All are on packet-filter firewalls, not proxies.

Is running out of virtual memory a well known problem or new?  Is this a
32-bit/packet filter issue only?

Bill Stout

Next message: Randy Taylor: "RE: Lloyds to offer hacker insurance"
Previous message: Bennett Todd: "How do we do our job? (was Re: Network Security Certification)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:37 PDT