Repeated debug error messages in fwk.elg

kamilazat

Hi all!

I'm seeing a lot of messages like below in the fwk.elg file.

FW-1: stopping debug messages for the next 13 seconds. To disable this suppression see sk74580
[28 Sep 20:42:47][fw4_3];[vs_0];[10.x.x.x:32638 -> 10.y.y.y:10250] [ERROR]: up_calc_service_id_key_list: num_of_service_clobs (58) reached limit of entry key

Kernel debug parameters are set to default (as in we do fw ctl debug 0), and tracing options for routed daemon is off. I tried looking up the parts of the messages but found nothing.

Apparently there is a problem that has been going on for a while. Where can I be getting these messages from?

Thanks!

PhoneBoy

From the TAC cases that mention this error, it appears that there are too many matched services for a single connection.
In this case, the error refers to port 10250.
If you have multiple services that mention this port (either directly or as part of a range), reduce/eliminate them.
These messages will show even if you've disabled debugs.

These errors are happening as part of a caching function that be disabled with: fw ctl set int up_rulebase_use_compound_matching_cache 0
(To permanently disable this, see: https://support.checkpoint.com/results/sk/sk26202 )
However, this can negatively impact performance and is thus not recommended.

Are you a member of CheckMates?

Repeated debug error messages in fwk.elg