[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cybg
Subject:    Re: [Cybg] Error messages
From:       "Techie Want to be" <techwant2b () sympatico ! ca>
Date:       2003-11-11 0:39:05
[Download RAW message or body]

Yves,

    I also think opening a call with Cyberguard would be warranted. This is
assuming you have a maintenance contract on your firewall. Since one of the
errors seams to point to either no more File Descriptors available for that
process or that a File Descriptor disapeared on one of the processes, this
smells like a feature(bug) to me. I have never seen these log entries either
but here are a few things I would suggest trying to pin point the problem
further (I don't claim it will solve any problem but it might help point you
in the right direction quicker). First the assumptions. Since you have given
very limited info I will make the following assumptions.

Assumption #1; The problem can easily be replicated or occurs within a small
interval of time.
Assumption #2; You have at your disposal a test firewall (I know this is
asking a lot sometimes but the alternative will be to disable live services
while you troubleshoot)
Assumption #3; This problem is a big enough pain in the behind to warrant
investigating the cause.

If you have a Quality Assurance environment to test services pre-production
it would be a bonus but I know, what kind of dream world do I come from
right...

First you might want to double check all your timeouts and Packet-filter
rules for each Port Guard. Ensure the rules are clean ie. nothing was ever
inserted manually between the comment lines. I'm pretty sure that this has
nothing to do with your problem but it's easy to do and prevents chasing
ghosts later. If you have the luxury of a second firewall try migrating each
Port Guard one by one to the second firewall and leave them up long enough
to see if the proble re-occurs. Easy conclusion here is that when it does
re-occur then it's one of the Port Guards you have migrated.  I would go as
far to venture that it is probably the last one you migrated. If you don't
have the luxury of the second firewall then you have to do the opposite,
that is you must remove one Port Guard at a time until the problem goes
away. Not a pretty solution I know. Once you think you have identified the
culprit try mapping out the entire service from client(s) to server(s) to
see what is happening when this occurs. I would also suggest doing some
packet capture to see what triggers this.

Sorry to tell you but that is as much help (or not) I can give with what I
know of your problem.

Good luck and if/when you do get to the bottom of this can you please post
your findings here.

Thanks

Techie Wantabe




----- Original Message ----- 
From: "Yves Carrière" <yves.carriere@videotron.ca>
To: <cybg@realproject.be>
Sent: Monday, November 10, 2003 5:08 PM
Subject: Re: [Cybg] Error messages


> Hi Phillipe,
>
>      I have around 20 portguard and they are not use for permanent tcp
connection.  I think your suggestion is probably the best. But I
> was curious
> to see if anyone had experienced thesame problem.
>
> thanks,
>
>
>
>
> Yves
>
>
> Philippe Cayphas wrote:
>
> > Yves,
> >
> > Personnaly, I never saw this message. It looks like as is the portguard
processes are using all the file descriptors they can open.
> >
> > Do you have an idea how many portguard processes are running in the same
time ? Are they used for permanent tcp opened connections.
> >
> > I think the best is to open a call to cyberguard support.
> >
> > Regards,
> >
> > Philippe
> >
> > -----Original Message-----
> > From: cybg-admin@realproject.be [mailto:cybg-admin@realproject.be]On
> > Behalf Of Yves Carrière
> > Sent: samedi 8 novembre 2003 14:48
> > To: cybg
> > Subject: [Cybg] Error messages
> >
> > Hi all,
> >
> >      Did anyone of you experienced the following errors in there logs:
> >
> > Nov  4 09:55:11 cg1 light-proxy[11735]: process_request: leftover stuff
> > (6) 1380
> > Nov  4 09:55:13 cg1 light-proxy[11735]: Error from max_fd 25 - Bad file
> > number (9).
> >
> >      I don't know what could trigger it.  I have http, smtp and someport
> > guard running.  When it happens, the port guard have performance issues
> > and the fix so far is to stop the port guard and restart them.
> >
> > thanks,
> >
> > Yves
> >
> > _______________________________________________
> > Cybg mailing list
> > Cybg@realproject.be
> > http://www.realproject.be/mailman/listinfo/cybg
> > _______________________________________________
> > Cybg mailing list
> > Cybg@realproject.be
> > http://www.realproject.be/mailman/listinfo/cybg
>
>
> _______________________________________________
> Cybg mailing list
> Cybg@realproject.be
> http://www.realproject.be/mailman/listinfo/cybg
>


_______________________________________________
Cybg mailing list
Cybg@realproject.be
http://www.realproject.be/mailman/listinfo/cybg
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic