Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Michio2000
Participant
Jump to solution

TCP connection Delay

Hi,community.

Delays in TCP communication occurred.Restarting the firewall resolved the issue.

When I checked with a TCP dump, I found that there was a delay of about 6 seconds.

This is the first time I've encountered an issue like this.
It occurred even when I switched to the standby device.
When I restarted the standby device, the issue did not occur.
If anyone has encountered an issue like this, please let me know how to solve it.

Product version Check Point Gaia R80.20
I know this version is no longer supported.

TCP dump log:

01:08:32.493951 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 1, wi n 229, length 0
01:08:32.495887 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 1, wi n 229, length 0
01:08:32.495922 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 1, wi n 229, length 0
01:08:32.505143 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 1, wi n 229, length 0
01:08:32.708137 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], seq 1:2, ack 1, win 229, length 1
01:08:32.708183 IP sample-03.12345 > XXX.XX.XXX.4.26472: Flags [.], ack 2, wi n 229, length 0
01:08:33.113154 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 1, wi n 229, length 0
01:08:33.924092 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 1, wi n 229, length 0
01:08:35.544168 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 1, wi n 229, length 0
01:08:38.121256 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], seq 1:146 1, ack 1, win 229, length 1460
01:08:38.121305 IP sample-03.12345 > XXX.XX.XXX.4.26472: Flags [.], ack 1461, win 251, options [nop,nop,sack 1 {1:2}], length 0
01:08:38.122037 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [P.], seq 1461 :2313, ack 1, win 229, length 852
01:08:38.122083 IP sample-03.12345 > XXX.XX.XXX.4.26472: Flags [.], ack 2313, win 274, length 0
01:08:38.361060 IP sample-03.12345 > XXX.XX.XXX.4.26472: Flags [P.], seq 1:17 2, ack 2313, win 274, length 171
01:08:38.361132 IP sample-03.12345 > XXX.XX.XXX.4.26472: Flags [F.], seq 172, ack 2313, win 274, length 0
01:08:38.362012 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 172, win 237, length 0
01:08:38.362491 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [F.], seq 2313 , ack 173, win 237, length 0
01:08:38.362533 IP sample-03.12345 > XXX.XX.XXX.4.26472: Flags [.], ack 2314, win 274, length 0
01:08:38.362553 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [R.], seq 2314 , ack 173, win 237, length 0
01:08:38.362802 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [R], seq 22970 44238, win 0, length 0

 

0 Kudos
5 Solutions

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend

Install a more current version!

 

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

Lesley
Leader Leader
Leader

Can be caused by loads of stuff. What have you done to troubleshoot so we can focus more on a specific item?

Maybe start with a HCP health check and see if we can work from that:

https://support.checkpoint.com/results/sk/sk171436

-------
If you like this post please give a thumbs up(kudo)! 🙂

View solution in original post

0 Kudos
the_rock
Legend
Legend

Personally, I would upgrade to least supported version, which is currently R81 base, though I would go with R81.20, if possible.

Andy

View solution in original post

0 Kudos
PhoneBoy
Admin
Admin

Maybe with output of the Super Seven commands, we can provide some guidance: https://community.checkpoint.com/t5/Scripts/S7PAC-Super-Seven-Performance-Assessment-Commands/m-p/40...
However, I strongly suggest upgrading to a supported release.

View solution in original post

0 Kudos
Michio2000
Participant

From everyone,
Thank you very much for your many answers.
After contacting CheckPoint support, I learned that the problem was the monitored process.
Apply jumbo hotfix.

Take 203
ID:PRJ-28793,PRHF-18683
Product:Gaia OS
Description:In a rare scenario, a memory leak may occur in the monitord process.

Take 187
ID:PRJ-6170,PRJ-16475,PRHF-6118
Product:Gaia OS
Description:In some scenarios, the monitord process may consume high CPU. Refer to sk163614.

View solution in original post

(1)
7 Replies
G_W_Albrecht
Legend Legend
Legend

Install a more current version!

 

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Lesley
Leader Leader
Leader

Can be caused by loads of stuff. What have you done to troubleshoot so we can focus more on a specific item?

Maybe start with a HCP health check and see if we can work from that:

https://support.checkpoint.com/results/sk/sk171436

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend

Personally, I would upgrade to least supported version, which is currently R81 base, though I would go with R81.20, if possible.

Andy

0 Kudos
PhoneBoy
Admin
Admin

Maybe with output of the Super Seven commands, we can provide some guidance: https://community.checkpoint.com/t5/Scripts/S7PAC-Super-Seven-Performance-Assessment-Commands/m-p/40...
However, I strongly suggest upgrading to a supported release.

0 Kudos
Michio2000
Participant

Thank you for your reply.

I would like to upgrade the firmware too.

However, I don't have a test environment. Also, I'm using it on a delicate system, so I can't just casually upgrade it.

But now that I know that an upgrade is necessary, I would like to suggest that I upgrade my customer.

0 Kudos
Michio2000
Participant

From everyone,
Thank you very much for your many answers.
After contacting CheckPoint support, I learned that the problem was the monitored process.
Apply jumbo hotfix.

Take 203
ID:PRJ-28793,PRHF-18683
Product:Gaia OS
Description:In a rare scenario, a memory leak may occur in the monitord process.

Take 187
ID:PRJ-6170,PRJ-16475,PRHF-6118
Product:Gaia OS
Description:In some scenarios, the monitord process may consume high CPU. Refer to sk163614.

(1)
the_rock
Legend
Legend

Excellent!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events