Support Center > Search Results > SecureKnowledge Details
NAT fails after an upgrade to R80.40 Technical Level
Symptoms
  • NAT fails after an upgrade to R80.40
  • Accept logs in SmartView Tracker do not show a NAT Rule.

  • tcpdump shows that traffic enters the Security Gateway but does not exit it.

  • fw monitor -p all shows that the inbound kernel accepts the traffic but stops at the little"i" (fw VM inbound).

  • /var/log/messages show:

     
    Aug 26 00:22:56 2021 nc-sils-fpi-nfp13 kernel: [fw4_22];fwxlate_do_init_ls_info_run: update_allocate_port_ranges failed.
    
    Aug 26 00:22:56 2021 nc-sils-fpi-nfp13 kernel: [fw4_29];FW-1: internal error - invalid port allocation range, low_first: 640, low_last: 1023, high_first: 15000, high_last: 60000
    
    Aug 26 00:22:56 2021 nc-sils-fpi-nfp13 kernel:    extra_first: 65001, extra_last: 65000, mem index: 0, cluster size: 2 
    
  • Kernel debug message:

    @;20038629;31Aug2021 18:24:59.276553;[cpu_16];[fw4_15];allocate_port_impl: allocation failed for port 58403, since previous update of allocation ranges failed;
    @;20038629;31Aug2021 18:24:59.276554;[cpu_16];[fw4_15];fwx_allocate_hide: Failed to allocate port;
    
Cause

The value of the fwx_high_port_quota parameter in fwkern.conf is too high. 

Example:
fwx_high_port_quota = 2500
A parameter set this high causes an internal conflict with port allocation, causing port allocation failure.


Solution
Note: To view this solution you need to Sign In .