We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

Tuning a F10 box to prevent memory allocation issues

  • Type: Knowledgebase
  • Date changed: 6 months ago
Solution 00005667


Scope:
This solution replies to:
- NG Firewall firmware versions 5.0.x, 5.2.x


Symptoms:
The F10 uses default settings, which could generate memory allocation problems at this small hardware. "Call Trace" entries in the "dmesg" and "Log" > "Box" > "System" > "klogd.log" like this indicates this issue.
 
Call Trace:
[<80767163>] ? printk+0x1d/0x22
[<804b1bb0>] __alloc_pages_nodemask+0x4a0/0x5b0
[<804082b0>] ? dma_generic_alloc_coherent+0x0/0xd0
[<8040831a>] dma_generic_alloc_coherent+0x6a/0xd0
[<804082b0>] ? dma_generic_alloc_coherent+0x0/0xd0
[<90ba171d>] rtl8139_open+0x33d/0x34c [8139too]
[<8045c595>] ? notifier_call_chain+0x35/0x70



Solution:
To prevent issues like a "force network activation" fails, just tune the box to decrease the memory usage of the ACPF (kernel firewall module) and the KTINA (kernel vpn module). Following setting changes should be done...

 
1) VPN

"Config" > "Box" > "Virutal Servers" > "<Server-Name>" > "Assigned Services" > "<Service-Name>" > "VPN Settings" > "Click here vor Server Settings" and change the option "Maximum Number of Tunnels" to "128".

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
2) FIREWALL

"Config" > "Box" > "Infrastructure Services" > "General Firewall Configuration" > "Application Detection" and set the option "Enable Protocol Detection" to "no".

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 


"Config" > "Box" > "Infrastructure Services" > "General Firewall Configuration" > "Global Limits" and set the follwoing options:
  - "Max Session Slots" to "2048"
  - "Max Acceptors" to "512"
  - "Max Plugins to "512"
  - "Dyn. Services Name Entries" to "512"

 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 

 
"Config" > "Box" > "Infrastructure Services" > "General Firewall Configuration" > "Session Limits" and set the follwoing options:
 - "Max TAP Worker" to "10"
 - "Max Socks Worker" to "5"


 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 


 




3.) "Config" > "Box" > "Infrastructure Services" > ?Control? > ?Monitoring Setup?

 


















-          Deactivate Service: cstat, qstat, bdns and bnsmp(box snmp ? just in case it is not needed!)


  4.) "Config" > "Box" > "Infrastructure Services" > ?General Firewall Configuration? > ?Audit and Reporting?





























Forward Log Policy: Server-File-Only

Statistics for Local Firewall: No


Additional Notes:
If you use NG Firewall up to release 5.2.0, please also disable the IPS Feature. IPS needs at least 256MB RAM and the F10 is not designed for using IPS.


Link to This Page:
https://campus.barracuda.com/solution/50160000000IXhCAAW