Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
LostBoY
Advisor

Memory in Management Server shows RED

Hi,

The management server is managing two firewalls which are in  VSX cluster and running on Gaia R 80. 10.

In smart-console the CPU usage is merely 3-4 % but  the memory status shows as 85-86 % and is in "RED".

Please suggest as to what might be causing this. Also, there isn't much traffic through the firewalls as of now and there memory and CPU utilization is under 10%.

Memory in SMS server is 8GB

Thanks

9 Replies
Chris_Atkinson
Employee Employee
Employee

8GB RAM is on the lower end of memory population for R80.10 Management, is SmartEvent also active on the same machine?

CCSM R77/R80/ELITE
0 Kudos
LostBoY
Advisor

Thanks for the reply.. Yes SmartEvent Blade is enabled in the server settings.

Network Policy Management

Logging & Status

SmartEvent Server

SmartEvent Correlation

These are active on the SMS Server

0 Kudos
Timothy_Hall
Champion
Champion

Please provide output of the following commands run on the SMS for analysis:

free -m

sar -B

sar -W

cat /proc/meminfo

--

CheckMates Break Out Sessions Speaker

CPX 2019 Las Vegas & Vienna - Tuesday@13:30

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Chris_Atkinson
Employee Employee
Employee

Per the R80.10 release notes 16GB is the starting reference point for configs with SmartEvent but each environment is subtly different depending on enabled controls / load etc.

CCSM R77/R80/ELITE
0 Kudos
Timothy_Hall
Champion
Champion

Right, for an R80+ SMS I've found that the sweet spot seems to be 8 physical cores and 16GB of RAM; as cores & memory are added up to these amounts a noticeable improvement in management performance is seen.  Adding more cores and memory beyond that will certainly not hurt, but the incremental performance increase will not be as dramatic.  Java heap sizes and other internal tuning variables are automatically tweaked upon every SMS boot to optimize resource usage based on the number of cores and amount of RAM detected, but these automatic tweaks "top out" at 12 cores and 35.6GB of RAM or higher.

--

CheckMates Break Out Sessions Speaker

CPX 2019 Las Vegas & Vienna - Tuesday@13:30

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
AlekseiShelepov
Advisor

What is your opinion about the sweet spot for MDS? Let's say with 10 domains and 50-100 connected gateways. Or maybe you saw some bigger setups in production. The most powerful Smart-1 can have 128GB or 256GB of RAM, as far as I know.

0 Kudos
Timothy_Hall
Champion
Champion

Based on what I've heard, I'd say the realistic bare minimum for any kind of MDS is probably 8 cores and 16GB RAM.  Beyond that it really depends on the number of CMAs (and associated processes) and the size of the configuration (number of rules, objects, policy packages, etc.).  In general though:

More CMAs -> More Cores. 

Larger Configs -> More Memory.

A Smart-1 3150 has 12 cores and has a base of 64GB RAM;  a Smart-1 5050 has 16 cores and a base of 64GB RAM (supports up to 50 domains & 50 gateways according to the pricelist);  a Smart-1 5150 has 24 cores and a base of 128GB RAM (supports up to 100 domains and 150+ gateways).  For an MDS if you have to pick between more cores and more RAM due to budget, I'd vote more RAM to help buffer disk I/O operations which tends to be the most prevalent bottleneck when it comes to MDS management performance.

--

CheckMates Break Out Sessions Speaker

CPX 2019 Las Vegas & Vienna - Tuesday@13:30

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
LostBoY
Advisor

Can i find a document which states server requirements for an R80.10 Management Server so that i can use it to push for hardware upgrades.

Thanks

0 Kudos
Chris_Atkinson
Employee Employee
Employee

The following resources should be really helpful in this respect.

R80.10 Release Notes 

R80.10 Security Management - Performance Tuning Guide - Check Point Software Technologies 

SmartEvent NGSE 

CCSM R77/R80/ELITE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events