How may NAT'd connections did i have?

[dreamaz]

Hello,

I'm trying to determine how many Nat translations i had via my checkpoing ng firewall 3 days ago. We had an outage and was told we exceeded a threshold causing the firewall to hang. So i have 2 questions

1. how can i check how many connections are currently being nat'd

2. how can i get this data historically

We're running Checkpoint R6.1 on Nokia (BSD)

Thanks,

 

[rn4it]

Do you have control of or view access to the firewall? If so check the logfiles(Tracker) Select View+>query properties then select NAT rule number and Xlatesource and Xlatedest. This will show what the devices were being NAT'd at the Time if it's being logged. Smartview Monitor may also provide some information. What model of Nokia are you using? Also What do they me by exceeded the threshold? number of translations, memory etc.

 

[dreamaz]

Hi,

We're using Nokia 1260s. Exceeeded the threshold with respect to active translations. Our thresh is 50K and average under 28K, but on July 1, 5AM we passed the 50K which hung the server requiring a restart. I am more interested in getting the data for that day.

I managed to get the current nat'd count:

fw tab -t fwx_alloc -s

Looking at the archived logfiles, i see many entries with :

NAT Hide failure - there are currently no available ports for hide operation