topic Re: Significance of Gateway Core Files in Firewall and Security Management

Significance of Gateway Core Files

Robert_Sisk — Tue, 13 Oct 2020 16:50:44 GMT

Hi Everyone,

Check Point support told us we can ignore scanengine_b and scanengine_k core files, which seem to happen rather frequently on our R80.10 gateways. Is anyone aware of a list of core file types that should be submitted to CP Support for analysis? Are core files only submitted for analysis when/if there is an issue on the gateway and otherwise ignored?

Thanks,

Bob

Re: Significance of Gateway Core Files

JackPrendergast — Tue, 13 Oct 2020 16:55:53 GMT

Hi,

I presume you are using Threat Emulation?

If you are, then this is normal behaviour. Tweaks have been made over the years to reduce the number of dumps and I arent sure why its done - but its normal.

Core files should only be submitted when you have an issue generally. If you are having adverse impact, and you notice a core dump, that for the R&D guys is extremely helpful.

Hope that helps.

Re: Significance of Gateway Core Files

G_W_Albrecht — Tue, 13 Oct 2020 17:05:19 GMT

Both kernel and usermode dumps can be helpfull if any issue had occured at the time they were generated. Frequent dumps without any visible issue may be important, too.

Re: Significance of Gateway Core Files

Robert_Sisk — Wed, 14 Oct 2020 14:55:29 GMT

Thanks to everyone for the information. To me it seems like our R80.10 firewalls generate more cores than I have seen when managing UNIX/Linux servers over the years, but they are firewalls with many processes, we are running almost all of the security blades. For the most part, core file generation does not correlate with any problems of which I am aware and when it does we have CP Support review them, however, I am not sure how they impact firewall performance. It is also a bit concerning when sshd and cpd produce cores. Thanks again!