Troubleshooting guide
Appendix A: State Tables for VPN-1/FireWall-1 4.0 Load balancing tables
Advanced Technical Reference Guide 4.1 • June 2000 165
<-1 (ffffffff), source IP address, source port, destination IP address, destination port, IP protocol; time left/total time>
• For the third part of the entry (line 3 above):
<-2 (fffffffe), source IP address, source port, destination IP address, destination port, IP protocol; time left/total time>
The second and third entries are used to ensure that only one client can work after the authentication. The
second entry allows the inbound connection to FireWall-1 and is removed from the table immediately after the
authentication is complete.
The third entry ensures that the connection will be able to go through the gateway and is removed from the table
as soon as the connection passes the gateway (unless the connection is to the gateway itself in which case the
entry will remain until the specified timeout).
session_requests table
All connections that need to be authenticated by session authentication are held in this table until the
authentication is completed.
Example
attributes: expires 180
<c0a83005, 00000456, c7cb477d, 00000017, 00000006; 174/180>
The session_requests table uses the following format:
<source IP address, source port, destination IP address, destination port, IP protocol; time left/total time>
Load balancing tables
check_alive table
The check_alive table holds a list of either load balanced servers or client authentication machines running in
wait mode, that should be pinged to verify that they are still working.
Example
attributes: expires 60
<c7cb471c,1; 379e4800, 0000003c, 0000001e, 00000001, 32/60>
<c0a83005,1; 379e4800, 0000003c, 0000001e, 00000001, 55/60>
<c0a83017,1; 379e4800, 0000003c, 0000001e, 00000001, 32/60>
The check_alive table uses the following format:
<IP address, magic number; last ping time, time to die, recheck, reference count, time left/total time>
magic number – contains ‘1’ for clients in wait mode, or ‘2’ for load balanced servers.
The last ping time is the time (in seconds since 1/1/1970) when the server was last pinged. The time to die is
the number of seconds after which connections are no longer referred to that server if it has not responded. The
recheck field is the number of seconds between two consecutive rechecks. The reference count field tracks how
many connections were referred to this server.
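As an added illustration (not code from the guide), the following Python decodes the session_requests and check_alive dumps printed above into readable values: the hexadecimal IP addresses become dotted quads, ports and protocol numbers become integers, and the last ping time becomes a UTC timestamp. The dump text is the one shown on this page; the protocol-name map and the dictionary key names are my own choice.

```python
import re
from datetime import datetime, timezone

# Constructed samples: the check_alive and session_requests dumps shown on this page
CHECK_ALIVE_DUMP = """attributes: expires 60
<c7cb471c,1; 379e4800, 0000003c, 0000001e, 00000001, 32/60>
<c0a83005,1; 379e4800, 0000003c, 0000001e, 00000001, 55/60>
<c0a83017,1; 379e4800, 0000003c, 0000001e, 00000001, 32/60>"""
SESSION_REQUESTS_DUMP = """attributes: expires 180
<c0a83005, 00000456, c7cb477d, 00000017, 00000006; 174/180>"""
MAGIC = {1: "client in wait mode", 2: "load balanced server"}   # from the guide
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}                         # my own name map

def hex_ip(h):
    """8 hex digits -> dotted quad (c0a83005 -> 192.168.48.5)."""
    n = int(h, 16)
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def entries(dump):
    """Yield (key fields, value fields) for each '<k...; v...>' line; 'attributes:' lines are skipped."""
    for m in re.finditer(r"^<([^;]*);([^>]*)>$", dump, re.M):
        yield ([f.strip() for f in m.group(1).split(",")],
               [f.strip() for f in m.group(2).split(",")])

def parse_check_alive(dump):
    """<IP, magic; last ping, time to die, recheck, refcount, left/total>"""
    out = []
    for (ip, magic), (ping, die, recheck, refs, ttl) in entries(dump):
        left, total = (int(x) for x in ttl.split("/"))   # time left/total are decimal seconds
        out.append({"ip": hex_ip(ip), "role": MAGIC.get(int(magic, 16), "unknown"),
                    "last_ping": datetime.fromtimestamp(int(ping, 16), timezone.utc),
                    "time_to_die": int(die, 16), "recheck": int(recheck, 16),
                    "refcount": int(refs, 16), "left": left, "total": total})
    return out

def parse_session_requests(dump):
    """<src IP, src port, dst IP, dst port, proto; left/total>"""
    out = []
    for (src, sport, dst, dport, proto), (ttl,) in entries(dump):
        left, total = (int(x) for x in ttl.split("/"))
        out.append({"src": hex_ip(src), "sport": int(sport, 16), "dst": hex_ip(dst),
                    "dport": int(dport, 16), "proto": PROTO.get(int(proto, 16), int(proto, 16)),
                    "left": left, "total": total})
    return out

if __name__ == "__main__":
    for e in parse_check_alive(CHECK_ALIVE_DUMP) + parse_session_requests(SESSION_REQUESTS_DUMP):
        print(e)
```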
logical_requests table
Connections that need to be forwarded to another server as a result of a logical server are stored in the
logical_requests table while FireWall-1 determines the correct server to forward the connection to.