4.2.2 GA + latest fxwrap.sys server reboot when gateway start

[ecomstation]

ecs 2.2b + latest AN driver package using MMLEM drivers (intel pro1000) and latest fxwrap.sys (bitwise works GmbH:4.2#@##1## 14 Dec 2018 21:06:18) (it also happens with 2014 original build bitwise works GmbH:4.2#@##1## 22 May 2014 13:49:54)

when startup.cmd start gateway.exe after some seconds the server reboot i've put REIPL=OFF in the config.sys but no trap screen appears the server just do a cold reboot

this happens when i've added this simple rule:

SSH_HD
Comment = "Allow helpdesk ssh",
Destination-Port = "63999",
Destination = "My_IP",
Rule-Action = Allow,
Direction = Bidirectional

If i add it with remote gui (W10) the firewall destroy firerule.cnf since it copy inside it all the include rule files contents (this issue still happens on the Windows Injoy FW remote gui)

instead if i add the rule manually editing firerule.cnf it happens that the server reboot when gateway,exe get started by startup.cmd (or manually)

i've prepared the zip package of injoy fw and will send you in private mail

this same situation has also happened on a Customer's firewall (same OS, same fxwrap.sys, same FW 4.2.2GA, but no AN driver package)

[lerdmann]

Make sure you set VIRTUALADDRESSLIMIT to a sensible size. It might be set either too low or too high. If you set it to 1536, then increase it up to the maximum of 3072 and see what works best. To be on the safe side, also load TESTCFG2.SYS. It is expected to be loaded by some other device drivers. Also try attached updated FXWRAP.SYS. It also comes with a TFF file. It would be helpful if you took a trace.

[lerdmann]

file:///D:/fxwrap_rcvlookahead.ziq

[ecomstation]

VAL is set to default of 1536 on both machines i will try 3072, but how can reproduce the issue?

what i do now as work-around to avoid issues:

1) i comment the includes in firerule.cnf with a text editor (directly on the server) 2) reload the injoy fw from the remote gui (w10) 3) add the new rule from the remote gui (w10) 4) reload the injoy fw from the remote gui (w10) 5) uncomment the includes in firerule.cnf with a text editor (directly on the server) 6) reload the fw from the remote gui (w10)

doing all theese steps i don't get the issue, but it's a bit complicated

i can't download the file, please help, or send it by mail

[lerdmann]

Sent driver via Email. Unfortunately, reproducing the issue will be difficult if it in fact depends on the VAL setting. That's because the system will silently crash if short on memory and VAL has an important bearing on this. This has nothing to do with IJFW but rather is a shortcoming of OS/2 memory management. In can happen on any OS/2 system.

[SilvanScherrer]

if still an issue with 4.2.3, we might look at it again.

[ecomstation]

i've not seen this issue in the last 2/3 years, so you can close this ticket