CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1  elzilcho (Junior Member), 2007-10-05
Number of connections behind Hide NAT

Apologies in advance if this makes no sense, it's been a long week....

Can anyone confirm:

a) How many connections a Hide NAT can manage?
b) Whether the limit is per-Hide NAT or global?

There are a number of Hide NATs on the firewall, each hiding pretty large internal ranges, e.g. 10.1.x.x/12 behind 1.x.x.1, 10.2.x.x/12 behind 1.x.x.2 etc...

Basically, the firewall keeps running out of ports to allocate to devices, so users can't get to the net. I need to know if breaking the Hide NATs down would help.

Also, when it reaches this stage, I am having to reboot the firewalls. Is there a command that will allow me to do this without rebooting? And (finally) is there a way of seeing how many connections are using a particular Hide NAT?

Cheers!

#2  MarioL (Senior Member, London), 2007-10-05
Re: Number of connections behind Hide NAT

I never really tested, but I'm guessing that as you have 65535 ports (ignoring 0), you can probably hide a similar number of connections behind each IP.

You need to bear in mind that most machines will open quite a few, especially web browsers tend to open loads.

In most cases the firewall will struggle with the number of connections before the NAT even becomes an issue, but if you already increased the connection table, maybe you might need to split the Hide NAT rule and have maybe 2 or something.

To check number of connections edit your gateway object and check under "Capacity Optimization".

#3  elzilcho (Junior Member), 2007-10-05
Re: Number of connections behind Hide NAT

Thanks Mario.

So to clarify, each Hide NAT should (in theory) have 65535 available ports behind it?

And is there a way of determining how many connections are currently using a specific Hide NAT?

#4  bglass (Junior Member), 2007-10-05
Re: Number of connections behind Hide NAT

I'm not sure of a way to view specific NAT entries, but the following command will show the number of NATs currently being used:

fw tab -t fwx_alloc -s

You can clear this table without rebooting with the following command:

fw tab -t fwx_alloc -x

Obviously, this will force a lot of sessions to reconnect, but at least you don't have to reboot.

#5  chillyjim (Senior Member, Upstate NY), 2007-10-08
Re: Number of connections behind Hide NAT

Quote, originally posted by elzilcho:
    Thanks Mario.

    So to clarify, each Hide NAT should (in theory) have 65535 available ports behind it?

With NGX it's even more than that, as the mapping is done per destination.
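As an added illustration (not code from this thread and not Check Point's implementation), a small Python model of the two port-mapping behaviours the replies describe: a single port pool per hide address, as MarioL reasons in #2, and the per-destination mapping chillyjim mentions for NGX in #5. The allocatable port range, the hide address and the destination addresses are constructed assumptions; the model only shows why splitting a hide range across more hide IPs helps in the first case and why the second case exhausts far later.

```python
from collections import Counter
from math import ceil

# Assumed allocatable port range per hide address. Constructed for illustration:
# the thread only says "65535 ports (ignoring 0)"; real gateways reserve part of it.
PORT_LOW, PORT_HIGH = 10000, 60000
PORTS_PER_POOL = PORT_HIGH - PORT_LOW + 1


class HideNatModel:
    """Tracks translated source ports handed out for one hide address."""
    def __init__(self, hide_ip, per_destination=False):
        self.hide_ip = hide_ip
        self.per_destination = per_destination
        self.used = Counter()   # pool key -> number of ports handed out
        self.refused = 0        # allocations that failed: the symptom in post #1

    def _pool(self, dst_ip, dst_port):
        # Classic model: every connection hidden behind this IP shares one pool.
        # Per-destination model (what post #5 says NGX does): one pool per
        # destination, so a translated port can be reused towards other servers.
        if self.per_destination:
            return (self.hide_ip, dst_ip, dst_port)
        return (self.hide_ip,)

    def allocate(self, dst_ip, dst_port):
        """Return a translated source port, or None when the pool is exhausted."""
        key = self._pool(dst_ip, dst_port)
        if self.used[key] >= PORTS_PER_POOL:
            self.refused += 1
            return None
        port = PORT_LOW + self.used[key]   # next unused port in this pool
        self.used[key] += 1
        return port

    def clear(self):
        """Model equivalent of flushing fwx_alloc (post #4): every mapping is freed."""
        self.used.clear()


def hide_ips_needed(hosts, conns_per_host):
    """Hide addresses needed under the classic one-pool-per-IP model."""
    return ceil(hosts * conns_per_host / PORTS_PER_POOL)


def simulate(per_destination, hosts, conns_per_host, destinations):
    """Spread hosts*conns_per_host connections over destinations; return (ok, refused)."""
    nat = HideNatModel("192.0.2.1", per_destination)   # constructed hide IP
    total = hosts * conns_per_host
    for i in range(total):
        nat.allocate(destinations[i % len(destinations)], 80)
    return total - nat.refused, nat.refused
```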