akurtasanov
Contributor

Do not understand how does Aggressive Aging work with default settings

Explain to me, a fool, how the aggressive aging option should work on standard settings 🙂
By default, we have a drop when 80% of the connection limit AND 80% of the memory are reached.
But how should it work when "fw ctl pstat" shows the limit of concurrent connections as Unlimited?

0 Kudos
10 Replies
Chris_Atkinson
Employee

Based on % memory utilization, did you already review:

sk122154 - How is Aggressive Aging enforced when Concurrent Connections Capacity Limit is calculated...?

CCSM R77/R80/ELITE
0 Kudos
akurtasanov
Contributor

Thanks!

Somehow didn't find this SK.

But with fw_salloc_maxmem_usage = 85 and around 90% Utilized memory I don't see any activity of Aggressive Aging.
Default Inspection profile is applied; pstat says that AA is enabled but not active.

And this is not the first case, so I would like to clarify before TAC.

0 Kudos
Chris_Atkinson
Employee

How are you monitoring / calculating the memory consumption?

0 Kudos
akurtasanov
Contributor

cpview + fw ctl pstat

There was one case when the memory jumped over 90% and the firewall literally committed suicide in the following way (sk114529), but AA was still enabled and not active.

0 Kudos
Chris_Atkinson
Employee

Do you use many custom TCP/UDP service objects, has aggressive aging been disabled for those?

Which version & JHF is used and is this regular cluster/gateway or Maestro?

0 Kudos
akurtasanov
Contributor

Not so many. I have to check, but no more than 5-10 specific services.

0 Kudos
Timothy_Hall
Legend

Use free -m to assess memory utilization. Ignore the value reported for "free" and look at the "available" number; that is what Aggressive Aging is looking at when deciding whether to activate.

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
0 Kudos
Lesley
Mentor

With this you can also see it, right?

  • 'Free Real Memory' in output of 'cpstat -f memory os' command
  • [ ('MemFree' + 'Buffers' + 'Cached') / 1024 ] from output of 'cat /proc/meminfo' command
-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
Timothy_Hall
Legend

Yes.

0 Kudos
akurtasanov
Contributor

Right now I have the following values:

[Expert@]# free -m
              total        used        free      shared  buff/cache   available
Mem:          31958       27252         910          30        3794        2915
Swap:         32159        9838       22321

[Expert@]# cpstat -f memory os

Total Virtual Memory (Bytes): 67232706560
Active Virtual Memory (Bytes): 40770469888
Total Real Memory (Bytes): 33510506496
Active Real Memory (Bytes): 30454579200
Free Real Memory (Bytes): 3055927296
Memory Swaps/Sec: -
Memory To Disk Transfers/Sec: -

[Expert@]# fw ctl pstat

Virtual System Capacity Summary:
Physical memory used: 26% (7069 MB out of 27164 MB) - below watermark
Kernel memory used: 3% (901 MB out of 27164 MB) - below watermark
Virtual memory used: 21% (5975 MB out of 27164 MB) - below watermark
Used: 5975 MB by FW, 1152 MB by zeco
Concurrent Connections: 19074 (Unlimited)
Aggressive Aging is enabled, not active

Available and Free Real Memory are much smaller than the 15-20% limit when AA should be in sleep state. But right now, AA is still not active.

0 Kudos
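
Added example, not part of the thread and not Check Point code: a small shell helper that derives both memory figures mentioned above (the "available" number and MemFree + Buffers + Cached) from /proc/meminfo-style input, so the two can be compared side by side. The function names and the sample input are constructed for illustration, and the comparison against 85 (the fw_salloc_maxmem_usage value quoted in the thread) is an assumption about how one might read the numbers, not the gateway's actual activation logic.

```shell
#!/bin/sh
# Added example (not from the thread): derive both "free memory" figures
# discussed above from /proc/meminfo-style input on stdin.

# Constructed sample: MemTotal/MemFree/MemAvailable mirror the free -m
# output posted in the thread; the Buffers/Cached split is made up.
sample_meminfo() {
    cat <<'EOF'
MemTotal:       32724992 kB
MemFree:          931840 kB
MemAvailable:    2984960 kB
Buffers:          204800 kB
Cached:          3481600 kB
SReclaimable:     198656 kB
EOF
}

# mem_report [THRESHOLD_PCT] < meminfo
# Prints: total_mb available_mb legacy_mb used%_by_available used%_by_legacy verdict
# "legacy" = MemFree + Buffers + Cached. The verdict compares used%_by_available
# with the threshold (illustrative only, not Check Point's own logic).
mem_report() {
    awk -v thr="${1:-85}" '
        $1 == "MemTotal:"     { total = $2 }
        $1 == "MemFree:"      { free = $2 }
        $1 == "Buffers:"      { buffers = $2 }
        $1 == "Cached:"       { cached = $2 }
        $1 == "MemAvailable:" { avail = $2; have_avail = 1 }
        END {
            if (total <= 0) { print "error: MemTotal missing" > "/dev/stderr"; exit 1 }
            legacy = free + buffers + cached
            if (!have_avail) avail = legacy   # kernels without MemAvailable
            used_avail  = int((total - avail)  * 100 / total)
            used_legacy = int((total - legacy) * 100 / total)
            printf "%d %d %d %d %d %s\n", total / 1024, avail / 1024, legacy / 1024,
                   used_avail, used_legacy, (used_avail >= thr ? "above" : "below")
        }'
}

# Demo on the constructed sample; on a gateway: mem_report 85 < /proc/meminfo
sample_meminfo | mem_report 85
```

On the constructed sample the two methods disagree by about 1.5 GB of "free" memory, which is why it matters which figure is being compared to the threshold.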
