- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Recently we just run HCP on many SG and many times it ended with "FW tables limit" error.
So I was curious if there is any documentation/description for this tables. I tried to get some from TAC, but it was not useful, they just repeat all over that we need to activate drop templates with disable notification. But we want to know, what it means (it is possible, that we can solve it by some policy optimization or something like that).
For example I have this output from HCP report:
| +---------------------------------------------------------------+ |
| | FW Kernel Tables | |
| +----------------------------+-------------------+------+-------+ |
| | Table Name | Number Of Entries | Peak | Limit | |
| +============================+===================+======+=======+ |
| | tab_name_table | 19290 | 968 | 16384 | |
| +----------------------------+-------------------+------+-------+ |
| | excessive_table | 30906 | 0 | 25000 | |
| +----------------------------+-------------------+------+-------+ |
| | Uncommitted_tab_name_table | 17681 | 61 | 16384 | |
| +----------------------------+-------------------+------+-------+ |
| | nrb_hitcount_table | 4256 | 2 | 2484 | |
| +----------------------------+-------------------+------+-------+
So is there any description about tables: tab_name_table, excessive_table, Uncommitted_tab_name_table, nrb_hitcount_table?
First note there is a bug in the report where "Number of entries" and "Peak" are mixed.
There is a chance those are cosmetic issues. However, you should open a ticket to support. We seek to have a clear report for all our deployments!
In case this is cosmetic I expect the cosmetic issue to be solved as well.
Uncommitted_tab_name_table \ tab_name_table - this table hold table names.
excessive_table - this table is in charge of some log suppression mechanism
nrb_hitcount_table - this table holds count of rulehits
Im so glad you asked this question, because I wondered same thing when I looked at the report last time.
sk98348: Best Practices - Security Gateway Performance
sk65133: Connections Table Format
Thanks for reply. I already checked this articles but I still don't know, what this tables represent or at least what they are related to.
Of course I can make optimization by sk98348 but it would be much easier if I know on what I need to focus on.
Enable Drop Templates first. Wait. Then consult hcp again.
Did you ever get any answers for this? Did enabling Drop Templates help?
I did not get any other answer that enable Drop Template. I don't want to enable Drop Template (because log consolidating) without knowing why.
I will open another TAC ticket and try to ask for explanation again.
The most funny part is, that the "number of entries" is higher than the "limit" column and the "peak" column is the lower than the others.
I would not believe anything from this HCP output to be honest.
Im with you there, looks very strange indeed.
First note there is a bug in the report where "Number of entries" and "Peak" are mixed.
There is a chance those are cosmetic issues. However, you should open a ticket to support. We seek to have a clear report for all our deployments!
In case this is cosmetic I expect the cosmetic issue to be solved as well.
Uncommitted_tab_name_table \ tab_name_table - this table hold table names.
excessive_table - this table is in charge of some log suppression mechanism
nrb_hitcount_table - this table holds count of rulehits
Thanks for your reply and answers.
Because all / almost all of our Check Point customers have some "problematic" tables (not always the same) in there HCP report, do you think that if I write them all here, you/someone will be able to add same sort of comment as you did for these?
I believe the best approach to solving all of those issues is thru support.
You can share. I may not know all tables purpose. I can answer for what I know (and hopefully others can contribute as well).
I actually posted similar question couple months back about whether there was any command to actually run on the firewall that would give info about all the tables and what they are used for, but was not successful in getting that, so I can only assume it does not exist.
 
					
				
				
			
		
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count | 
|---|---|
| 22 | |
| 17 | |
| 12 | |
| 10 | |
| 9 | |
| 9 | |
| 7 | |
| 7 | |
| 6 | |
| 5 | 
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 11:00 AM (EDT)
Tips and Tricks 2025 #15: Become a Threat Exposure Management Power User!About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY