Hi all,
Recently, I had a client who faced an issue whereby one of their FULL HA firewalls suddenly hangs, and this issue happened more than 2 times within a few months.
The 1st hang was on around 30 May 2023 and the firewall was working fine as usual after reboot. Meanwhile, we did a hardware diagnostic via the command "diagMain" and found that the diagnostic result showed OK. With that, we opened a case with TAC on this and TAC suggested installing the latest recommended Jumbo Hotfix (take 197) as it resolves some memory related issues. After that, we installed the Jumbo Hotfix take 197 on both FULL HA firewall members successfully on 22 July 2023.
The 2nd hang was on 1/8/2023 and this hang happened on the same firewall when it acted as active firewall and management (since 22 July 2023). The firewall booted up after a reboot and the diagnostic result (via command diagMain) also showed all OK. However, we monitored it for more than 30 minutes and became aware that its CPU utilization is inconsistent (somehow it will reach more than 100% for the Java process). Moreover, we tried to move the active management
Hence, I would like to seek all of your advice: can this hang, which happened more than 2 times within these few months, become the reason to do an RMA?
Thank you.
Keep us posted how it goes.
Andy
Here is the update on this matter after a few weeks... the RMA is still in progress.....
However, the problematic firewall is up and running until now under the condition that it acts as active management server only.
It seems weird to me. I will update again if there is anything.
This is what I found as a best practice with Management HA - the active node that takes all the load is secondary Management only, the Standby node is primary management. But I would rather not suggest this kind of deployment at all...
I agree with the best practice mentioned in your post (split active modules (firewall and management) to both members).
However, there is a scenario (FULL HA enabled remote access blade with "certificate + username password" authentication method) where we can't split it.
It is because the user VPN certificate renewal requires the active management and firewall to be on the same firewall member.
Full HA... whenever I think of it, it reminds me of those things in life that when they work well, it's heaven, but when they do break, to say it's a nightmare would be an understatement of the century lol
Anyway, when you say RMA is in progress, you are still waiting for new appliance?
Andy
The new appliance just arrived today and we are doing configuration on the firewall and finding a suitable date to do the replacement.
Thanks for the update @LeeBingKang
The RMA unit was replaced on 4/11/2023, 12am (Malaysia time). Meanwhile, the new unit became active on both firewall and management modules. We will monitor for 2 weeks starting from now to ensure everything is fine.
It has been almost 2 weeks and the new device is working fine with active status on both modules (firewall and management).
Looks like RMA is the solution for this matter.
Dear All,
Latest update here: the firewalls are working after RMA (around 3 months).
Hence, I believe RMA is the solution for this kind of issue.
Please give comments if you guys have any.
Thank you.
Sounds like that would be the case, glad it's fixed.
Andy
A user VPN certificate renewal happens every couple of years only - it is CRL on active SMS that causes an issue. You can disable that as internal certs are not revoked.