If you add lines in fwkern.conf, it is permanent after a reboot.

Regards

Heiko

Hi Heiko, Thanks for the great stuff. On doing some research , I did noticed below (sk106576).  I'm confused about the statement : "Cluster members do not install policy at the same exact time, and are not aware when the peer members install policy."

Typically, policies are installed @ same time in Clusters. Does this happen under High Load or CPU utilization. Not sure, please assist

Hi Srinivasan,

over 80% cpu load and 30 sec.

Typical by policy installation.

Regards

Heiko

Hello everybody,

we are having a Cluster of 12600 appliances, having a policy with 800 rules and only very very less traffic (< 100Mbit/s, 5000 concurrent Connections) and very less CPU load.

in the beginning we had 200s configured, then we noticed that secondary was going down when doing policy install. We opened a ticket and Support suggested us to increase timeout.

So we increased from 200 - 300s and then a week later from 300 to 600. Did not solve the Problem.

We did not reboot but we did "fw ctl set int fwha_freeze_state_machine_timeout" to modify it live.

Any suggestions:

- how to measure a usefull freeze_timeout for am policy install?

- which values are usefull to set and which value we should not exceed?

Regards