Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
sebasnqn
Contributor

CPU goes 100% - Process temain ted

Hello mates! How are you all?

   We're having issues in our FW; perhaps one of you had this problem before.

FW is an open server, Version 81.10 with JHF T130; it has hyperthreading enabled  and is running as proxy.

Every working day seen past few weeks, the CPU  goes to 100% for several minutes. We checked the process and the temain ted seems to be taking all the stars.

htop.png

cpu.png

 

There are a few elephant connections but can't be accelerated because of FW been used as proxy I think.

I've checked the affinity for temain, and seems to be attached to all the CPU available.

 

affinity.png

 

But, if I do "tecli show affinity" the result is 

Command: root->show->affinity
error: unable to retrieve process affinity

If I check the management to see logs of the IPS blade, there is nothing there, probably because FW its suffering on 100% load.

I've no idea where else to look or what to do here; help would be really appreciate.

Thanks in advanced!

 

 

 

 

 
 

 

0 Kudos
10 Replies
the_rock
Legend
Legend

Does cprestart or reboot help?

Andy

0 Kudos
sebasnqn
Contributor

Hello Andy,

     Thanks for replying.

We did not restart the FW; I could try it tomorrow. After those 20 to 40 minutes of 100% load, goes like "normally".

 

cpu.png

 

 

 

0 Kudos
the_rock
Legend
Legend

I know one client who had this problem and went away after they upgraded to R81.20. I cant recall now what jumbo they installed, but this was few months back, probably April or May.

Andy

0 Kudos
sebasnqn
Contributor

Ok, it's an option!

      We've thought that and it's scheduled to do this weekend; we'll see if it helps!

Thanks!

the_rock
Legend
Legend

Im fairly positive it WILL help!

Andy

sebasnqn
Contributor

Hello Andy,

   We've upgraded to 81.20 last JHF but the problem still there. Also discover a new ones but that another thread.

 

radProcess.jpg

 

I've also checked the hits on urlf with this command fw tab -t urlf_cache_tbl -s and we'e 7335 on #vals conlumns. 

 

 

0 Kudos
AkosBakos
Advisor
Advisor

Hi @sebasnqn 

If we talk about "Elephant Flows"  consider to user SecureXL Fast Accelerator" 

https://support.checkpoint.com/results/sk/sk156672

It would help a lot.

Akos

 

----------------
\m/_(>_<)_\m/
sebasnqn
Contributor

Hi Sir,

  Thanks for replying.

We've a few rules activated, but no hits on them. I think related to the proxy usage of the firewall.

Thanks though!

0 Kudos
the_rock
Legend
Legend

That also makes sense to me.

Andy

0 Kudos
PhoneBoy
Admin
Admin

ted is "Threat Emulation" not IPS.

Traffic cannot be accelerated with SecureXL when the gateway used as an explicit proxy.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events