Troubleshooting guide

Appendix A: State Tables for VPN-1/FireWall-1 4.0 VPN tables

Advanced Technical Reference Guide 4.1 • June 2000 153

Third entry: <0, hiding IP address, IP protocol, first low port to be used; next port to be allocated>

The first field is a space holder and is always 0. The first low port to be used is always 600.

fwx_auth table

The fwx_auth table holds the original information of a folded connection, so that back connections can work

properly.

Example

attributes: expires 300, limit 25000, refresh, keep

<c0a83001, 00000450, c0a83005, 00000635, 00000006; c7cb47e3, 00000017;

286/300>

The fwx_auth table uses the following format:

<IP address of the interface of the FireWall-1 machine closest to the client, folded destination port, source IP

address, source port, IP protocol; destination IP address, destination port; time left/total time>

The first destination port is the high “folded” port. The second destination port is the original destination port

for the service. The source IP address is that of the client and the destination IP address is the final destination.

fwx_frag table

Information about this table will be available in the next update to this document.

VPN tables

Encryption tables

decryption_pending table

During the initialization period of the FWZ scheme, on the responder computer, connections that will need

decryption are inserted into the decryption_pending table.

Example

attributes: expires 120, kbuf 1;

<c0a83005, 00000456, c7cb477d, 00000017, 00000006; 174/180>

The decryption_pending table uses the following format:

In the case of SecuRemote the format is:

encryption_requests table

In the initiation phase of the encryption, connections that are to be encrypted are stored in the

encryption_requests table up to the point of actual encryption.

Example

attributes: expires 180

<c0a83005, 00000456, c7cb477d, 00000017, 00000006; 174/180>