Hi, I have a Watchguard firewall, and I lost access to the firewall before Xmas, therefore I visited the site and upgraded the firewall to the latest firmware, but unfortunately I am now having similar issues where I will lose access to the firewall; sometimes it will let me in, sometimes nothing. I thought this was an issue with the actual hardware, but now in the logs I see a constant stream of:
2011-12-29 09:47:38 kernel printk: 90 messages suppressed.
Which makes me think this could be a DoS attack. I have contacted both my ISPs, who say they are not seeing any unusual traffic on the connections. I have a support call logged with Watchguard and am just awaiting a response.
Does anyone know what these kernel printk messages are? My understanding is that they are blocking multiple identical messages, but I am unsure if this is correct or where they are coming from.
Any help will be much appreciated.
The suppressed messages are the kernel's way to prevent DoS'ing the machine (even) further - You have to check which message was suppressed in the first place.
You can adjust the printk() rate via /proc/sys/kernel/printk_ratelimit*. The printk function is actually one of the few (reliable and crash-proof) ways the kernel can issue (debugging) information into user space.
It's a bug in the 11.3.x series software, has been around for well over a year. I'm not sure if the 11.4.x versions still have this (11.4 only runs on the newer XTM models, not the e-series devices which I suspect you have) but the answer I got from Watchguard Support was to just ignore them.
More discussion over on the Watchguard Forums. Would highly recommend you post your problem over there as there's a couple of real Watchguard gurus who offer amazing help. Make sure you post your device model and current software version.
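An added example (not part of either answer, and not Watchguard's code) for the first answer's advice to check which message was suppressed: it totals the suppressed counts in an exported log, attributes them to the neighbouring kernel line, and reads the printk_ratelimit tunables where /proc is available. The sample log lines and the function names are constructed for illustration, and the attribution rule is an assumption stated in the comments.

```python
import re
from collections import Counter
from pathlib import Path

# Constructed sample in the log format quoted in the question; only the
# "messages suppressed" wording comes from the page, the rest is made up.
SAMPLE_LOG = """\
2011-12-29 09:47:33 kernel ip_conntrack: table full, dropping packet.
2011-12-29 09:47:38 kernel printk: 90 messages suppressed.
2011-12-29 09:47:38 kernel ip_conntrack: table full, dropping packet.
2011-12-29 09:47:40 firewalld policy reloaded
2011-12-29 09:47:43 kernel printk: 120 messages suppressed.
2011-12-29 09:47:43 kernel ip_conntrack: table full, dropping packet.
2011-12-29 09:47:48 kernel printk: 7 messages suppressed.
"""

LINE = re.compile(r"^\S+ \S+ kernel (.*)$")
NOTICE = re.compile(r"^printk: (\d+) messages suppressed\.$")

def read_ratelimit(proc=Path("/proc/sys/kernel")):
    """Return (interval_seconds, burst), or None where the files are absent."""
    try:
        return (int((proc / "printk_ratelimit").read_text()),
                int((proc / "printk_ratelimit_burst").read_text()))
    except (OSError, ValueError):
        return None

def suppressed_sources(log_text):
    """Total the suppressed counts per neighbouring kernel message."""
    kernel = [m.group(1) for m in map(LINE.match, log_text.splitlines()) if m]
    totals = Counter()
    for i, msg in enumerate(kernel):
        hit = NOTICE.match(msg)
        if not hit:
            continue
        # Assumption: the kernel line logged right after the notice is the
        # rate-limited message that got through; fall back to the one before.
        after = kernel[i + 1] if i + 1 < len(kernel) else None
        before = kernel[i - 1] if i > 0 else None
        source = next((m for m in (after, before)
                       if m and not NOTICE.match(m)), "<unknown>")
        totals[source] += int(hit.group(1))
    return totals

if __name__ == "__main__":
    print("ratelimit (interval s, burst):", read_ratelimit())
    for msg, lost in suppressed_sources(SAMPLE_LOG).most_common():
        print(f"{lost:6d} suppressed near: {msg}")
```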