CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 3 of 3

Thread: fwx_xlate_method

  1. #1
    Join Date
    2018-06-20
    Posts
    1
    Rep Power
    0

    Default fwx_xlate_method

    Hi,

    Using a bit old Check Point VPN-1(TM) & FireWall-1(R) NGX (R65) HFA_70, Hotfix 670 - Build 033 on IPSO and getting lots of messages:

    kernel: FW-1: fwx_xlate_method: udp STATIC port xlation on ip protocol tcp (6)

    What could be wrong and how to repair this ?

    And sorry, can't upgrade to newer version, at the moment.

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,194
    Rep Power
    13

    Default Re: fwx_xlate_method

    Quote Originally Posted by pepera31 View Post
    Hi,

    Using a bit old Check Point VPN-1(TM) & FireWall-1(R) NGX (R65) HFA_70, Hotfix 670 - Build 033 on IPSO and getting lots of messages:

    kernel: FW-1: fwx_xlate_method: udp STATIC port xlation on ip protocol tcp (6)

    What could be wrong and how to repair this ?

    And sorry, can't upgrade to newer version, at the moment.
    I'd say this is just an informational message and not indicating a problem, although it is a bit confusing in that it is referencing both UDP and TCP for presumably the same packet/operation. Looks like a code issue, see the following SK which also references this message:

    sk21098: Getting an error message on console:"fw_xlate_dup: no NAT buffer in fwx_pending"

    Note that you will have to filter your SecureKnowledge search results to "Include unsupported products and versions" due to your ancient version for obsolete SKs like this to appear in search results at all.
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  3. #3
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,618
    Rep Power
    8

    Default Re: fwx_xlate_method

    Is there any chance you have a services in the NAT policy and original has udp and nated has tcp or something like that?

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •