This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
sebasnqn
Contributor
‎2024-10-01 04:38 AM

CPU goes 100% - Process temain ted

Hello mates! How are you all?

   We're having issues in our FW; perhaps one of you had this problem before.

FW is an open server, Version 81.10 with JHF T130; it has hyperthreading enabled  and is running as proxy.

Every working day seen past few weeks, the CPU  goes to 100% for several minutes. We checked the process and the temain ted seems to be taking all the stars.

htop.png

cpu.png

 

There are a few elephant connections but can't be accelerated because of FW been used as proxy I think.

I've checked the affinity for temain, and seems to be attached to all the CPU available.

 

affinity.png

 

But, if I do "tecli show affinity" the result is 

Command: root->show->affinity
error: unable to retrieve process affinity

If I check the management to see logs of the IPS blade, there is nothing there, probably because FW its suffering on 100% load.

I've no idea where else to look or what to do here; help would be really appreciate.

Thanks in advanced!

 

 

 

 

 
 

 

0 Kudos
10 Replies
the_rock
Legend
Legend
‎2024-10-01 05:09 AM

Does cprestart or reboot help?

Andy

0 Kudos
sebasnqn
Contributor
‎2024-10-01 05:14 AM
In response to the_rock

Hello Andy,

     Thanks for replying.

We did not restart the FW; I could try it tomorrow. After those 20 to 40 minutes of 100% load, goes like "normally".

 

cpu.png

 

 

 

0 Kudos
the_rock
Legend
Legend
‎2024-10-01 05:16 AM
In response to sebasnqn

I know one client who had this problem and went away after they upgraded to R81.20. I cant recall now what jumbo they installed, but this was few months back, probably April or May.

Andy

0 Kudos
sebasnqn
Contributor
‎2024-10-01 05:22 AM
In response to the_rock

Ok, it's an option!

      We've thought that and it's scheduled to do this weekend; we'll see if it helps!

Thanks!

the_rock
Legend
Legend
‎2024-10-01 05:23 AM
In response to sebasnqn

Im fairly positive it WILL help!

Andy

sebasnqn
Contributor
‎2024-10-09 04:25 AM
In response to the_rock

Hello Andy,

   We've upgraded to 81.20 last JHF but the problem still there. Also discover a new ones but that another thread.

 

radProcess.jpg

 

I've also checked the hits on urlf with this command fw tab -t urlf_cache_tbl -s and we'e 7335 on #vals conlumns. 

 

 

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2024-10-01 05:40 AM

Hi @sebasnqn 

If we talk about "Elephant Flows"  consider to user SecureXL Fast Accelerator" 

https://support.checkpoint.com/results/sk/sk156672

It would help a lot.

Akos

 

----------------
\m/_(>_<)_\m/
sebasnqn
Contributor
‎2024-10-01 06:01 AM
In response to AkosBakos

Hi Sir,

  Thanks for replying.

We've a few rules activated, but no hits on them. I think related to the proxy usage of the firewall.

Thanks though!

0 Kudos
the_rock
Legend
Legend
‎2024-10-01 06:03 AM
In response to sebasnqn

That also makes sense to me.

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2024-10-01 08:18 AM

ted is "Threat Emulation" not IPS.

Traffic cannot be accelerated with SecureXL when the gateway used as an explicit proxy.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events