Hi there,
I logged a query on this board about 1 year ago where I hit a problem setting a preshared key from either the GUI or CLI due to the /tmp filesystem being 100% full. See:
I have again hit the issue with more serious consequences in that I can no longer log in to the primary appliance as I am unable to reset the admin password at expiry:
admin@XXX:XXX:XXX:XXX's password:
Your password has expired and must be changed.
Enter password:
Enter password (again):
Could not set administrator password: Field must have a value
Enter password:
This seems to affect the primary HA device. The secondary also had a full /tmp filesystem but I was still able to change the password without the 'Could not set administrator password: Field must have a value' error.
Right now I think my only option is to force a failover from the primary and hopefully I will be able to set the password once the unit assumes secondary status.
Has anyone else encountered similar issues due to /tmp becoming full?
Is there any way of increasing the /tmp space allocation?
Thanks for any information/ideas
Regards
Dek
What appliance is this?
Andy
Hi Andy
It is an SMB Gateways (Spark) 1590 running R81.10 (996000575)
Regards
Dek
Hey Dek,
See if below post may help.
https://community.checkpoint.com/t5/SMB-Gateways-Spark/1800-SMB-tmp-usage-full/td-p/136805
Also, just curious, when you tried to set the new password, did you enter any special characters?
Andy
Hi Andy
The only special character used is an underscore. I will have a look at your link too. Thanks for that.
Regards
Dek
I hope it helps.
Hi Andy,
Removing the underscore reports:
Could not set administrator password: Password must be at least 12 characters long and contain 4 or more different types of characters (e.g., uppercase, lowercase, numeric, non-alphanumeric)
Interesting...so if you type min 12 characters with 4 different types, still gives the same error?
Andy
Hi Andy, yes, it gives the same error if the password meets the requirements. The same password used is accepted on the standby system.
K, so that logically 100% tells us it's not an issue with the password itself, but something else on that fw. I assume you tried rebooting it? If so, I would contact TAC to see if they have any suggestions...
Andy
Hi Andy, I am unable to reboot just yet but the issue seems to be the lack of space in /tmp. I have opened a call with my supplier, hopefully they'll open a call with Check Point directly. I was able to fix the issue I had with the preshared key entry once I freed space in /tmp, however in this instance, I can't even log in due to password expiry.
Yes, hopefully they can open a case for you, as it seems like a pretty serious problem. Let us know how it goes.
Andy
I will most definitely let you know what Check Point come back with.
Thanks
Dek
In case it's a centrally managed device, I would first remotely check the files inside /tmp and delete what's possible using cprid:
$CPDIR/bin/cprid_util -server <ip> -verbose rexec -rcmd /bin/bash -c "<expert command>"
Thanks Vincent. The 2 units are locally managed, not centrally. I was going to ask about trying a remote command to delete rotated log files '*.?' but was not sure how to enter a command from a non-privileged shell etc. I will give that a go. I do have a user with an SSH key and can run non-priv commands with ssh but I have a feeling that any command I run will first ask for the password to be reset.
I can run the command
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /var/lib/monitor/.ssh/id_rsa monitor@xx.xx.xx.xx "show interface Internet1"
Warning: Permanently added 'xx.xx.xx.xx' (RSA) to the list of known hosts.
dhcp-exclude-end-range:
vti-is-numbered:
dhcp-range-end:
bond-master:
lan-access-track:
prefix-delegation-subnet:
other-config-flag: off......
hotspot: off
wireless-transmission-rate: auto
wpa-encryption-type: Auto
relay relay-to:
prefix-delegation-internet-connection:table: 0xf57701b0
relay-tertiary:
reachable-timer: 0
retransmission-timer: 0
prefix-delegation-prefix-length:
remote:
send-mtu-flag: off
bridge-stp-priority: 32768
dns-ipv6 primary:
band: table: 0xf57388e0
802dot1x-re-authentication-frequency:
dtim-period: 1
bridge-range:
vlan-physical-port:
bridge-stp-forward-delay: 15
stp: off
include-ipv6-pool:
inheritSwitchSettings:
wds: off
So I just need to work out how I can delete some files in /tmp...
Awesome! That's progress... see if commands from that link I sent will help.
Andy
I am trying to see what commands I can run from the 1st level shell, trying to run cpshell
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /var/lib/monitor/.ssh/id_rsa monitor@xx.xx.xx.xx cpshell
Warning: Permanently added 'xx.xx.xx.xx' (RSA) to the list of known hosts.
Could not chdir to home directory /home/monitor: No such file or directory
Unexpected error: You have no privileges to change this configuration
or seeing what happens specifying expert
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /var/lib/monitor/.ssh/id_rsa monitor@xx.xx.xx.xx "expert"
Warning: Permanently added 'xx.xx.xx.xx' (RSA) to the list of known hosts.
stty: standard input: Inappropriate ioctl for device
env: standard output: No space left on device
I have logged a call so will wait to hear if there is anything I can do barring a reboot/failover.
From an SSH session on the standby I was able to use a command as Vincent showed:
[Expert@GK2]# $CPDIR/bin/cprid_util -server xx.xx.xx.xx -verbose rexec -rcmd /bin/bash -c "df"
Filesystem 1K-blocks Used Available Use% Mounted on
tmpfs 20480 20480 0 100% /tmp
tmpfs 61440 15248 46192 25% /fwtmp
/dev/mmcblk1p8 4974080 39936 4661760 1% /logs
/dev/mmcblk1p11 8177080 969696 6772288 13% /storage
/dev/mmcblk1p6 709296 509376 148312 77% /pfrm2.0
tmpfs 20480 11144 9336 54% /tmp/log/local
tmpfs 512000 0 512000 0% /tetmp
And so I was able to list and then remove files:
[Expert@GK2]# $CPDIR/bin/cprid_util -server xx.xx.xx.xx -verbose rexec -rcmd /bin/bash -c "ls -l /tmp/log/*.?"
-rw-r--r-- 1 root root 1048624 Dec 12 03:51 /tmp/log/check_available_firmware.elg.0
-rw-r--r-- 1 root root 1085490 Oct 16 2023 /tmp/log/cphamcset.elg.0
-rw-r--r-- 1 root root 1085490 Oct 15 2023 /tmp/log/cphamcset.elg.1
-rw-r--r-- 1 root root 667648 Apr 4 11:47 /tmp/log/cxld.elg.0
-rw-r--r-- 1 root root 913064 Dec 21 08:57 /tmp/log/cxld.elg.1
-rw-r--r-- 1 root root 199975 Feb 1 22:30 /tmp/log/sfw_webd.elg.1
-rw-r--r-- 1 root root 200001 Dec 28 18:04 /tmp/log/sfw_webd.elg.2
-rw-r--r-- 1 root root 199991 Nov 29 15:59 /tmp/log/sfw_webd.elg.3
-rw-r--r-- 1 root root 199992 Nov 7 03:12 /tmp/log/sfw_webd.elg.4
-rw-r--r-- 1 root root 1040384 Apr 20 09:47 /tmp/log/sfwd.elg.0
-rw-r--r-- 1 root root 740718 Apr 6 19:13 /tmp/log/sfwd.elg.1
-rw-r--r-- 1 root root 782053 Apr 8 14:03 /tmp/log/ted.elg.0
-rw-r--r-- 1 root root 937984 Dec 5 00:02 /tmp/log/ted.elg.1
-rw-r--r-- 1 root root 1048592 Apr 20 12:47 /tmp/log/uc_activation.elg.0
-rw-r--r-- 1 root root 1048618 Apr 12 22:55 /tmp/log/uc_activation.elg.1
[Expert@GK2]# $CPDIR/bin/cprid_util -server xx.xx.xx.xx -verbose rexec -rcmd /bin/bash -c "rm /tmp/log/*.?"
[Expert@GK2]# $CPDIR/bin/cprid_util -server xx.xx.xx.xx -verbose rexec -rcmd /bin/bash -c "df -h"
Filesystem Size Used Available Use% Mounted on
tmpfs 20.0M 9.3M 10.7M 47% /tmp
tmpfs 60.0M 14.9M 45.1M 25% /fwtmp
/dev/mmcblk1p8 4.7G 39.0M 4.4G 1% /logs
/dev/mmcblk1p11 7.8G 947.0M 6.5G 13% /storage
/dev/mmcblk1p6 692.7M 497.4M 144.8M 77% /pfrm2.0
tmpfs 20.0M 10.9M 9.1M 54% /tmp/log/local
tmpfs 500.0M 0 500.0M 0% /tetmp
And then finally able to reset the password:
[Expert@GK2]# ssh admin@xx.xx.xx.xx
admin@xx.xx.xx.xx's password:
Your password has expired and must be changed.
Enter password:
Enter password (again):
GK1>
Thanks very much for your help, Vincent.
Thanks Andy too, I will set the threshold tmp filesystem higher and have some monitoring/cron scripts to clear some of those files down.
I will continue with Check Point to ask them about this issue and update here once I hear back.
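A sketch of the kind of monitoring/cron clean-up mentioned in the post above, as an added example that is not part of the original thread and is not Check Point code. It assumes a POSIX shell with `df -P` and `awk`, an 80% trigger, and that rotated logs are named `*.elg.<digit>` as in the listing (narrower than the `*.?` pattern used in the thread, so active `.elg` files are never matched).

```shell
#!/bin/sh
# Added example (not Check Point code): prune rotated logs when /tmp is nearly full.
MOUNT=${MOUNT:-/tmp}            # tmpfs mount to watch (from the thread)
LOG_DIR=${LOG_DIR:-/tmp/log}    # directory holding the rotated *.elg.N files
THRESHOLD=${THRESHOLD:-80}      # assumed trigger, percent used

# Read `df -P` output on stdin and print Use% for exactly mount point $1.
# Matching the last field exactly keeps /tmp/log/local from being taken for /tmp.
pct_from_df() {
    awk -v m="$1" '$NF == m { sub(/%/, "", $(NF-1)); print $(NF-1); exit }'
}

# Current usage of $MOUNT as a bare number; empty if the mount is not listed.
current_pct() {
    df -P | pct_from_df "$MOUNT"
}

# Remove rotated logs in $1 oldest first until usage drops below $THRESHOLD.
# Only names ending in .elg.<digit> are touched, never the active .elg files.
# Prints the number of files removed.
prune_rotated() {
    dir=$1
    removed=0
    # Rotated log names contain no whitespace, so word splitting is safe here.
    for f in $(ls -1tr "$dir"/*.elg.[0-9] 2>/dev/null); do
        pct=$(current_pct)
        case $pct in
            ''|*[!0-9]*) break ;;   # unreadable usage: delete nothing
        esac
        [ "$pct" -lt "$THRESHOLD" ] && break
        rm -f -- "$f" && removed=$((removed + 1))
    done
    echo "$removed"
}

# Run from cron as: prune_tmp.sh --run   (script name is hypothetical)
if [ "${1:-}" = "--run" ]; then
    prune_rotated "$LOG_DIR" >/dev/null
fi
```

Deleting oldest first and stopping as soon as usage is back under the threshold keeps the most recent rotated logs available for troubleshooting.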
That's better news...
Andy
Hi all,
I logged a call and support kindly pointed me at: https://support.checkpoint.com/results/sk/sk181134
Where it states from Build 996002845 of R81.10.10:
SMBGWY-7083 | General | The Quantum Spark appliance automatically removes files from the "/tmp" partition if the file becomes full. |
So the issue I hit should be averted as a result of the above fix.
My 1590 states that:
A new firmware version is available: 1500_R81.10.08_996001683
As the fix is in R81.10.10 I am hoping that I can manually download and upgrade to that version. I'm confirming compatibility.
Regards
Dek
Maybe if you upgrade to R81.10.08, then latest one will show up after?
Andy
I can try that but also I can download the latest R81.10.10 version and point the upgrade at that file.
K, I would do that then.