Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Christophe_SIEB
Participant

Memory status shows red color on management server

Hello, the memory status on the management server for the active gateway of a cluster is red (83%), although high memory consumption in the gateway does not seem to be a concern as far as Gaia uses the maximum available memory for buffers/ cache. What do you think ? Why is the management server showing this situation as an alert ?

Version R80.10 Take_70 for all systems

#free - m

Mem: total:7744 used: 7405 free:339 shared:0 buffers:25 cached:953

-/+ buffers/cache: used: 6426 free: 1318

Swap: total: 18394 used:0 free: 18394.

Thanks

Christophe

0 Kudos
13 Replies
Vladimir
Champion
Champion

It may be related to the caching of incorrect information by the management server. Take a look here: https://community.checkpoint.com/message/13131-re-clusterxl-on-take70-does-not-function-properly?com... 

0 Kudos
Christophe_SIEB
Participant

The point is the information seems correct.

If I use the numbers of the free-m command: 6426/7744 represents 83 % of used RAM.

The interface in the SMS is somewhat disturbing (see picture) as it appears as a critical state.

Thanks

0 Kudos
G_W_Albrecht
Legend
Legend

Maybe this is just the red mark for: we are above 80% memory, better no high traffic situation comes around. I would suggest to go up to R80.10 Take_70 # SmartConsole Build 024  asap

CCSE CCTE CCSM SMB Specialist
0 Kudos
Vladimir
Champion
Champion

In which case it makes perfect sense. It is not critical until there is a spike in traffic and, depending on the blades you have enabled, it very well may prove detrimental to overall system stability.

There is probably a way to adjust the threshold parameters for RAM, but I would not recommend doing it.

0 Kudos
Christophe_SIEB
Participant

Thank you Vladimir and Guenther.

0 Kudos
Christophe_SIEB
Participant

Hello, today (not a business day) the free -m command outputs:
Mem: total: 7744 used: 7285 free: 459 shared: 0 buffers: 25 cached: 977
-/+buffers/cache: used: 6281 free: 1463
swap: total: 18394 used: 1385 free: 17009
So the gateway started to swap.
Looking at the top command, wstlsd is the process that seems to consume memory.


We are investigating.

0 Kudos
Timothy_Hall
Champion
Champion

You must have taken these most recent screenshots/statistics on your firewall (not SMS as mentioned earlier in this thread) or you are running standalone.  You may want to start a different thread to avoid confusion as use of memory is quite different on a SMS vs. firewall.

wstlsd handles HTTPS negotiations associated with HTTPS Inspection (if enabled) or the "Categorize HTTPS Sites" checkbox if it is set.  It is normal for these processes to use a fair amount of memory.  There are two of them so it appears you have 2 Firewall Worker cores, which probably indicates your firewall has a total of 2 physical cores (at least with the default settings).  I'm guessing you have a 5100-5400, please confirm.

You have 8GB of RAM being reported, please confirm that Gaia is running in 64-bit mode.

The 1385 being reported by free -m indicates that at some point the firewall dipped into swap space (probably during a policy install) but does not mean the firewall is actively swapping right now (wa being 0.0% is a good indication that it is not).  Use sar -W to determine this for sure, and please see my posts about it in this thread:

Healthcheck script results 

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Christophe_SIEB
Participant

Thank you Tim, I started a new thread https://community.checkpoint.com/thread/6930-why-is-memory-swapping-on-the-gateway and gave answers to your questions. I'm very new to Check Point product (but already bought your very useful book). Will execute healthcheck script next week to have more ideas about what's going on and to know if we are properly tuned.

0 Kudos
Dmitriy_Chazov
Contributor

Hi all.
What configuration actions need to be configured to reduce the load on the device's memory.


I have 5400 included the following blades:

FW, AP, URL, Content Awareness, Monitoring
IPS, Anit-bot, Anti-virus, TE

Smart Event Server

Smart Event Correlation

 

I make a CheckUp

Thacks

0 Kudos
PhoneBoy
Admin
Admin

Doesn't sound like you have a separate management appliance.

If that's the case, I would strongly consider moving management/SmartEvent off to a separate appliance or VM.

How much RAM is in your 5400?

0 Kudos
Dmitriy_Chazov
Contributor

Yes, all on one device. There is no way to deploy separate management.

8GB

0 Kudos
PhoneBoy
Admin
Admin

If you cannot break SmartEvent and Management off to a different system, I recommend adding additional RAM to your 5400.

0 Kudos
Dmitriy_Chazov
Contributor

Thanks, but these options are not right for the moment

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events