This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Christine_Berns
Explorer
‎2021-07-11 09:37 PM

Suddenly experiencing out of memory conditions on security gateways


We recently started experiencing out of memory errors on our Checkpoint firewall cluster. This is an R77.30 cluster - we realize R77.30 is unsupported and are making plans to migrate to R80.40. In each case, the cluster member that experienced the out of memory condition failed over to the other member, or hung. In each occurrence, /var/log/messages shows the scanengine_b process core dumping and then shortly thereafter, the out of memory condition occurs. Coincidentally, these out of memory conditions first started occurring after the latest threat prevention engine version 59.990000640 was automatically downloaded to our firewalls on May 27. Since then we have had three out of memory occurrences. Prior to that we have never experienced any memory issues in all of the years that we have been running these firewalls. Smartview Monitor graphs show stable memory until suddenly the memory use starts to climb until the out of memory condition occurs.  Attached is output from the /var/log/messages file.  The high CPU usage logged is from CPU-11(FW_0) processing the VPN traffic.  Do the messages in the log file provide any information as to what may be causing the out of memory condition?  If not, can anyone provide some guidance on what we can do to further troubleshoot? 

Preview file
37 KB
0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2021-07-11 10:09 PM

The messages confirm it's the Threat Prevention engine that is causing the out of memory issues.
TAC would have to look at the core files to see why it's happening.
Getting on a supported release seems like the next step.

0 Kudos
Christine_Berns
Explorer
‎2021-07-11 10:29 PM
In response to PhoneBoy

Would TAC still look at core files from R77.30?  If that's a possibility, I would work with our Checkpoint support vendor to get the files to TAC.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-07-11 10:55 PM
In response to Christine_Berns

The Threat Emulation engine is relatively version independent, so it's possible.
However, I can't say for sure.
In any case, the remediation options will be limited to upgrading to a supported release.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events