This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HarryB
Participant
‎2021-05-20 01:40 AM

Memory problem: memory runs out after a few times

Hello,

We have the problem that our firewall's memory regularly fills up after about 3 weeks.
If that is the case, there is no connection anymore.
The message appears more and more: TCP segment out of maximum allowed sequence. Packet dropped
Then only a reboot or swivel to the other module helps.
In our CheckMK you can clearly see how it goes up continuously.
We opened a ticket with CP. To analyze it, we would have to run into the error. But we cannot do that, because then there will be massive problems in the business.
I hope that someone in the community had a similar problem and solved it. Or has a few tips on how we can get this under control.

Installed on a Dell PowerEdge R740 64 GB RAM
R80.40 (Hotfix Take 94) (active / passive cluster)
Kernel: 3.10.0-957.21.3cpx86_64
Edition: 64-bit
Build Number: 294


 

 

Preview file
114 KB
0 Kudos
1 Reply
Timothy_Hall
Legend Legend
Legend
‎2021-05-21 08:44 AM

Need to see output of free -m taken when memory use starts to staircase up as shown in your graph.  Possible it is just memory allocation for buffering/caching (which is expected), but the fact that you start to experience problems would seem to suggest otherwise.

While memory is staircasing up, first step is you need to try to determine if the memory utilization is in process space or kernel space.  Easiest way to do this is run top and hit capital "M" which will sort processes by top memory utilization.  Do you see any processes sucking up more and more memory?  If so check the corresponding elg file for that process to gain insight into what is going on, for example if the daemon name is fwd, check the $FWDIR/log/fwd.elg log file (or possibly $CPDIR/log/fwd.elg depending on which daemon it is).  

If you don't see any processes obviously hogging memory in top, it means that the issue is in the kernel, and the next step would be to run fw ctl pstat to try to figure out what specific type of memory is being excessively consumed (i.e. hmem, smem, kmem).

Obviously what to do about whatever you find is another matter entirely, but hopefully this has given you a few places to look and start narrowing down where you should focus your efforts.  Loading the latest GA Jumbo HFA is also a very good idea, as these will frequently include fixes for memory leaks.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events