This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Michal_Gans
Contributor
Contributor
‎2022-12-07 05:25 AM
Jump to solution

HealthCheck Point - FW tables limit

Recently we just run HCP on many SG and many times it ended with "FW tables limit" error.

So I was curious if there is any documentation/description for this tables. I tried to get some from TAC, but it was not useful, they just repeat all over that we need to activate drop templates with  disable notification. But we want to know, what it means (it is possible, that we can solve it by some policy optimization or something like that).

For example I have this output from HCP report:

| +---------------------------------------------------------------+ |
| | FW Kernel Tables | |
| +----------------------------+-------------------+------+-------+ |
| | Table Name | Number Of Entries | Peak | Limit | |
| +============================+===================+======+=======+ |
| | tab_name_table | 19290 | 968 | 16384 | |
| +----------------------------+-------------------+------+-------+ |
| | excessive_table | 30906 | 0 | 25000 | |
| +----------------------------+-------------------+------+-------+ |
| | Uncommitted_tab_name_table | 17681 | 61 | 16384 | |
| +----------------------------+-------------------+------+-------+ |
| | nrb_hitcount_table | 4256 | 2 | 2484 | |
| +----------------------------+-------------------+------+-------+

 

So is there any description about tables: tab_name_table, excessive_table, Uncommitted_tab_name_table, nrb_hitcount_table?

 

0 Kudos
1 Solution

Accepted Solutions
Tal_Ben_Avraham
Employee
Employee
‎2022-12-22 07:05 AM
Jump to solution

First note there is a bug in the report where "Number of entries" and "Peak" are mixed.

There is a chance those are cosmetic issues. However, you should open a ticket to support. We seek to have a clear report for all our deployments!

In case this is cosmetic I expect the cosmetic issue to be solved as well.

 

Uncommitted_tab_name_table \ tab_name_table - this table hold table names.

excessive_table - this table is in charge of some log suppression mechanism

nrb_hitcount_table - this table holds count of rulehits

View solution in original post

0 Kudos
12 Replies
the_rock
Legend
Legend
‎2022-12-07 06:03 AM
Jump to solution

Im so glad you asked this question, because I wondered same thing when I looked at the report last time. 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-12-07 06:31 AM
Jump to solution

https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_CLI_ReferenceGuide/Topics-CL...

sk98348: Best Practices - Security Gateway Performance

sk65133: Connections Table Format

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Michal_Gans
Contributor
Contributor
‎2022-12-07 07:52 AM
In response to G_W_Albrecht
Jump to solution

Thanks for reply. I already checked this articles but I still don't know, what this tables represent or at least what they are related to.

Of course I can make optimization by sk98348 but it would be much easier if I know on what I need to focus on.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-12-07 08:05 AM
In response to Michal_Gans
Jump to solution

Enable Drop Templates first. Wait. Then consult hcp again.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Firewall_Guy
Explorer
Explorer
‎2022-12-09 03:49 PM
Jump to solution

Did you ever get any answers for this? Did enabling Drop Templates help?

0 Kudos
Michal_Gans
Contributor
Contributor
‎2022-12-21 08:49 AM
In response to Firewall_Guy
Jump to solution

I did not get any other answer that enable Drop Template. I don't want to enable Drop Template (because log consolidating) without knowing why.

I will open another TAC ticket and try to ask for explanation again.

0 Kudos
Alexander_Wilke
Advisor
‎2022-12-16 06:19 AM
Jump to solution

The most funny part is, that the "number of entries" is higher than the "limit" column and the "peak" column is the lower than the others.

I would not believe anything from this HCP output to be honest.

0 Kudos
the_rock
Legend
Legend
‎2022-12-21 09:25 AM
In response to Alexander_Wilke
Jump to solution

Im with you there, looks very strange indeed.

0 Kudos
Tal_Ben_Avraham
Employee
Employee
‎2022-12-22 07:05 AM
Jump to solution

First note there is a bug in the report where "Number of entries" and "Peak" are mixed.

There is a chance those are cosmetic issues. However, you should open a ticket to support. We seek to have a clear report for all our deployments!

In case this is cosmetic I expect the cosmetic issue to be solved as well.

 

Uncommitted_tab_name_table \ tab_name_table - this table hold table names.

excessive_table - this table is in charge of some log suppression mechanism

nrb_hitcount_table - this table holds count of rulehits

0 Kudos
Michal_Gans
Contributor
Contributor
‎2022-12-22 07:14 AM
In response to Tal_Ben_Avraham
Jump to solution

Thanks for your reply and answers.

Because all / almost all of our Check Point customers have some "problematic" tables (not always the same) in there HCP report, do you think that if I write them all here, you/someone will be able to add same sort of comment as you did for these?

0 Kudos
Tal_Ben_Avraham
Employee
Employee
‎2022-12-22 07:35 AM
In response to Michal_Gans
Jump to solution

I believe the best approach to solving all of those issues is thru support.

You can share. I may not know all tables purpose. I can answer for what I know (and hopefully others can contribute as well).

0 Kudos
the_rock
Legend
Legend
‎2022-12-22 07:40 AM
In response to Tal_Ben_Avraham
Jump to solution

I actually posted similar question couple months back about whether there was any command to actually run on the firewall that would give info about all the tables and what they are used for, but was not successful in getting that, so I can only assume it does not exist.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events