Professional Documents
Culture Documents
Based on our recent conversation, you can find more information on this issue "NAT
hide failure - there are currently no available ports for hide operation" detailed
in sk103656 - Dynamic Port Allocation Feature.
In order to solve the problem I would recommend to first install jumbo take 205
for R77.30, since we already verified that there is not any jumbo hotfix installed
at this time on any of the gateways. The jumbo hotfix includes several improvements
for this particular scenario and several other features as well. The jumbo hotfix
needs to be installed on both cluster gateways. This will also match the jumbo
hotfix version that is currently installed for your Multi Domain Management Servers
which will also improve general performance for the environment.
As a side note, this particular issue may be seen on different versions of code,
specially older versions. The issue will manifest whenever there is exhaustion of
NAT ports for high traffic due to the way NAT port allocation is performed. If your
NAT traffic increases at any given time then it will be more likely that you will
see this behaviour while traffic is high. The new versions of code and jumbo hotfix
should help to alleviate this problem.
1- Upgrade CPUSE agent to version 1130 to match the current version being used for
other HSBC environments (this is the agent that performs
installation/uninstallation of hotfixes for the gateway) is needed to be able to
install new hotfixes). I've included the file in your SFTP folder under this SR's
number.
Steps:
[Expert@HostName:0]# $DADIR/bin/dastart
Steps:
- Run these commands on the standby member, after reboot you can failover traffic
to the now upgraded member, and perform installation of the jumbo hotfix on the
second gateway.
- Move the file to a directory on the appliance (i.e. /home/admin/)
- Make sure no clients are logged into any GUI applications at this time.
After both members have been upgraded/rebooted you can failover traffic back to
the previous active member if needed.
Please let me know if you have any questions or concerns at this time.
Thank you.
You may reply to this email or if you have difficulty responding via e-mail, you
may login to the User Center:
https://usercenter.checkpoint.com/usercenter/index.jsp