Dns File Descriptor Limit - Watchguard Firebox X1000 User Manual


Chapter 9: Configuring Proxied Services
4. By default, all rules are enabled. You can enable or disable the rules as you choose to determine which packet originators are automatically added to the auto-blocked sites list.

To be able to select or clear several consecutive rules as a group, select the first rule, press Shift and select the last rule, and then select one of the rules between the two selections.

To be able to select or clear several non-consecutive rules as a group, press Ctrl and select each rule you want.

DNS file descriptor limit

The DNS proxy has only 256 file descriptors available for its use, which limits the number of DNS connections in a NAT environment. Every UDP request that uses dynamic NAT uses a file descriptor for the duration of the UDP timeout. Every TCP session that uses dynamic, static, or 1-to-1 NAT uses a file descriptor for the duration of the session.

The file descriptor limit is rarely a problem, but an occasional site may experience slow name resolution and many instances of the following log message:

dns-proxy[xx] dns_setup_connect_udp: Unable to create UDP socket for port: Invalid argument
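
The following is an added example, not part of the WatchGuard manual: it estimates how many of the 256 descriptors a given DNS load holds open and counts the exhaustion message per minute in exported log lines. The timestamp and host prefix of the sample lines, the UDP timeout values, and the alert threshold are assumptions.

```python
import re
from collections import Counter

FD_LIMIT = 256  # descriptors available to the DNS proxy, per the manual

# The message quoted in the manual; the bracketed value varies ("xx" on the page).
EXHAUSTED = re.compile(
    r"dns-proxy\[[^\]]*\] dns_setup_connect_udp: "
    r"Unable to create UDP socket for port: Invalid argument"
)

# Constructed sample lines; the timestamp and host prefix are assumptions.
SAMPLE_LOG = [
    "2004-03-01 10:15:02 fb dns-proxy[112] dns_setup_connect_udp: Unable to create UDP socket for port: Invalid argument",
    "2004-03-01 10:15:02 fb dns-proxy[112] dns_setup_connect_udp: Unable to create UDP socket for port: Invalid argument",
    "2004-03-01 10:15:40 fb dns-proxy[112] dns_setup_connect_udp: Unable to create UDP socket for port: Invalid argument",
    "2004-03-01 10:16:05 fb other-daemon[98] unrelated message",
    "2004-03-01 10:17:11 fb dns-proxy[112] dns_setup_connect_udp: Unable to create UDP socket for port: Invalid argument",
]

def udp_descriptors_in_use(requests_per_sec, udp_timeout_sec):
    """Steady-state descriptors held by dynamic-NAT UDP requests.

    Each request holds one descriptor for the whole UDP timeout, so the
    number held at once is arrival rate times hold time."""
    return requests_per_sec * udp_timeout_sec

def max_udp_rate(udp_timeout_sec, tcp_sessions=0):
    """Highest sustained UDP request rate that stays within FD_LIMIT,
    after subtracting descriptors held by open TCP sessions."""
    return (FD_LIMIT - tcp_sessions) / udp_timeout_sec

def exhaustion_by_minute(lines):
    """Count exhaustion messages per minute ('YYYY-MM-DD HH:MM' prefix assumed)."""
    counts = Counter()
    for line in lines:
        if EXHAUSTED.search(line):
            counts[line[:16]] += 1
    return counts

def flag_minutes(lines, threshold=3):
    """Minutes with at least `threshold` exhaustion messages (threshold is arbitrary)."""
    return sorted(m for m, n in exhaustion_by_minute(lines).items() if n >= threshold)

if __name__ == "__main__":
    print("descriptors at 10 req/s, 30 s timeout:", udp_descriptors_in_use(10, 30))
    print("max rate at 32 s timeout:", max_udp_rate(32))
    print("minutes over threshold:", flag_minutes(SAMPLE_LOG))
```

A shorter UDP timeout raises the request rate the proxy can sustain, since each descriptor is released sooner.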
WatchGuard Firebox System
