This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
R89_99
Contributor
‎2018-04-06 07:31 AM

ClusterXL under freeze by policy installation

A typical issue is ClusterXL under freeze by policy installation. ClusterXL administrator would like to suppress the messages printed by the Cluster Under Load (CUL) mechanism (see sk92723) in the /var/log/messages file and in the dmesg. I always enable this on the cluster to solve this "under freeze" issue.
 

1) Open vi and add the following settings 

  # vi $FWDIR/boot/modules/fwkern.conf

 

  add the Line:

  fwha_freeze_state_machine_timeout=0

 

2) Reboot all Gateways

5 Replies
Rolf_Kaschek
Contributor
‎2018-04-06 08:08 AM

Is this setting permanet after a reboot?

R89_99
Contributor
‎2018-04-06 08:31 AM

If you add lines in fwkern.conf, it is permanent after a reboot.

Regards

Heiko

SriNarasimha005
Collaborator
‎2018-04-07 10:25 AM

Hi Heiko, Thanks for the great stuff. On doing some research , I did noticed below (sk106576).  I'm confused about the statement : "Cluster members do not install policy at the same exact time, and are not aware when the peer members install policy."

Typically, policies are installed @ same time in Clusters. Does this happen under High Load or CPU utilization. Not sure, please assist Smiley Happy

R89_99
Contributor
‎2018-04-07 11:07 AM

Hi Srinivasan,

over 80% cpu load and 30 sec.

Typical by policy installation.

Regards

Heiko

Alexander_Wilke
Advisor
‎2018-07-30 04:12 AM

Hello everybody,

we are having a Cluster of 12600 appliances, having a policy with 800 rules and only very very less traffic (< 100Mbit/s, 5000 concurrent Connections) and very less CPU load.

in the beginning we had 200s configured, then we noticed that secondary was going down when doing policy install. We opened a ticket and Support suggested us to increase timeout.

So we increased from 200 - 300s and then a week later from 300 to 600. Did not solve the Problem.

We did not reboot but we did "fw ctl set int fwha_freeze_state_machine_timeout" to modify it live.

Any suggestions:

- how to measure a usefull freeze_timeout for am policy install?

- which values are usefull to set and which value we should not exceed?

Regards

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events