https://community.checkpoint.com/t5/Firewall-and-Security-Management/Uptime-Restart-practice/m-p/243584#M47332 <P>We have a goal to get to "always on recommended".&nbsp; Not there yet.<BR /><BR />Sidebar - At a former employer, we had some Sun gateways.&nbsp; The hardware was "end of Ebay" (there is end of life, end of support, and end of EBay - parts can no longer be found even on Ebay).&nbsp; No restart as the hard drives would probably not restart if they were rebooted.</P> Tue, 11 Mar 2025 14:40:17 GMT George_Ellis 2025-03-11T14:40:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Uptime-Restart-practice/m-p/243567#M47325 <P>I do not see this metric included anywhere.&nbsp; Hence, the query for the community.<BR /><BR />What would be a reasonable length of time before we would consider restarting a gateway?<BR /><BR />Days in the past (I started with R55), we generally accepted 180 days of uptime as being a candidate for restarting a gateway.&nbsp; Memory leaks, heap issues, errant code, and other strange things tended to destabilize a box over time.&nbsp; Issues were avoided, especially before an upgrade, by restarting a gateway before changes were made.<BR /><BR />What would you consider a reasonable uptime to target restarts?&nbsp; Or is that considered an issue anymore (I think it still is)?</P> Tue, 11 Mar 2025 13:18:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Uptime-Restart-practice/m-p/243567#M47325 George_Ellis 2025-03-11T13:18:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Uptime-Restart-practice/m-p/243579#M47328 <P>I've had firewalls which have run for over eight years with no reboots. That was mostly because the applications which sent traffic through them had conflicting windows for potentially-disruptive changes, and we could never get a window from all of them at the same time.</P> <P>Long uptime gives me hives because it means you haven't recently tested to be sure the firewall can come back up after losing power. I've had a few datacenter-wide power outages (fire in the power distribution room, state superconducting grid outages, etc.). Every time, some system which has been too critical to maintain hasn't come back up. Most of the times, they're not one of my systems, but a few have been.</P> <P>Today, we install a jumbo every 180 days at most, and I'm working towards every 90 days. For years, the first response on every ticket we opened was "You're on an old version. Jumbos include a lot of fixes. Try updating the jumbo and tell us if the issue is still present." Since we've gotten serious about more frequent updates, we get that a lot less, and every ticket spends a week less dealing with that kind of boilerplate. The work to let us update more frequently (e.g, <A href="https://community.checkpoint.com/t5/API-CLI-Discussion/Finding-differences-between-cluster-members/m-p/236908/highlight/true#M8906" target="_self">finding and eliminating differences between cluster members</A>) has also led to much greater overall reliability on our firewalls.</P> Tue, 11 Mar 2025 14:16:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Uptime-Restart-practice/m-p/243579#M47328 Bob_Zimmerman 2025-03-11T14:16:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Uptime-Restart-practice/m-p/243584#M47332 <P>We have a goal to get to "always on recommended".&nbsp; Not there yet.<BR /><BR />Sidebar - At a former employer, we had some Sun gateways.&nbsp; The hardware was "end of Ebay" (there is end of life, end of support, and end of EBay - parts can no longer be found even on Ebay).&nbsp; No restart as the hard drives would probably not restart if they were rebooted.</P> Tue, 11 Mar 2025 14:40:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Uptime-Restart-practice/m-p/243584#M47332 George_Ellis 2025-03-11T14:40:17Z