This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
R89_99
Contributor
‎2018-04-06 07:31 AM

ClusterXL under freeze by policy installation

A typical issue is ClusterXL under freeze by policy installation. ClusterXL administrator would like to suppress the messages printed by the Cluster Under Load (CUL) mechanism (see sk92723) in the /var/log/messages file and in the dmesg. I always enable this on the cluster to solve this "under freeze" issue.
 

1) Open vi and add the following settings 

  # vi $FWDIR/boot/modules/fwkern.conf

 

  add the Line:

  fwha_freeze_state_machine_timeout=0

 

2) Reboot all Gateways

5 Replies
Rolf_Kaschek
Contributor
‎2018-04-06 08:08 AM

Is this setting permanet after a reboot?

R89_99
Contributor
‎2018-04-06 08:31 AM

If you add lines in fwkern.conf, it is permanent after a reboot.

Regards

Heiko

vas
Contributor
‎2018-04-07 10:25 AM

Hi Heiko, Thanks for the great stuff. On doing some research , I did noticed below (sk106576).  I'm confused about the statement : "Cluster members do not install policy at the same exact time, and are not aware when the peer members install policy."

Typically, policies are installed @ same time in Clusters. Does this happen under High Load or CPU utilization. Not sure, please assist Smiley Happy

R89_99
Contributor
‎2018-04-07 11:07 AM

Hi Srinivasan,

over 80% cpu load and 30 sec.

Typical by policy installation.

Regards

Heiko

Alexander_Wilke
Collaborator
‎2018-07-30 04:12 AM

Hello everybody,

we are having a Cluster of 12600 appliances, having a policy with 800 rules and only very very less traffic (< 100Mbit/s, 5000 concurrent Connections) and very less CPU load.

in the beginning we had 200s configured, then we noticed that secondary was going down when doing policy install. We opened a ticket and Support suggested us to increase timeout.

So we increased from 200 - 300s and then a week later from 300 to 600. Did not solve the Problem.

We did not reboot but we did "fw ctl set int fwha_freeze_state_machine_timeout" to modify it live.

Any suggestions:

- how to measure a usefull freeze_timeout for am policy install?

- which values are usefull to set and which value we should not exceed?

Regards

Labels