- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Hi,community.
Delays in TCP communication occurred.Restarting the firewall resolved the issue.
When I checked with a TCP dump, I found that there was a delay of about 6 seconds.
This is the first time I've encountered an issue like this.
It occurred even when I switched to the standby device.
When I restarted the standby device, the issue did not occur.
If anyone has encountered an issue like this, please let me know how to solve it.
Product version Check Point Gaia R80.20
I know this version is no longer supported.
TCP dump log:
01:08:32.493951 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 1, wi n 229, length 0
01:08:32.495887 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 1, wi n 229, length 0
01:08:32.495922 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 1, wi n 229, length 0
01:08:32.505143 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 1, wi n 229, length 0
01:08:32.708137 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], seq 1:2, ack 1, win 229, length 1
01:08:32.708183 IP sample-03.12345 > XXX.XX.XXX.4.26472: Flags [.], ack 2, wi n 229, length 0
01:08:33.113154 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 1, wi n 229, length 0
01:08:33.924092 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 1, wi n 229, length 0
01:08:35.544168 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 1, wi n 229, length 0
01:08:38.121256 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], seq 1:146 1, ack 1, win 229, length 1460
01:08:38.121305 IP sample-03.12345 > XXX.XX.XXX.4.26472: Flags [.], ack 1461, win 251, options [nop,nop,sack 1 {1:2}], length 0
01:08:38.122037 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [P.], seq 1461 :2313, ack 1, win 229, length 852
01:08:38.122083 IP sample-03.12345 > XXX.XX.XXX.4.26472: Flags [.], ack 2313, win 274, length 0
01:08:38.361060 IP sample-03.12345 > XXX.XX.XXX.4.26472: Flags [P.], seq 1:17 2, ack 2313, win 274, length 171
01:08:38.361132 IP sample-03.12345 > XXX.XX.XXX.4.26472: Flags [F.], seq 172, ack 2313, win 274, length 0
01:08:38.362012 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [.], ack 172, win 237, length 0
01:08:38.362491 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [F.], seq 2313 , ack 173, win 237, length 0
01:08:38.362533 IP sample-03.12345 > XXX.XX.XXX.4.26472: Flags [.], ack 2314, win 274, length 0
01:08:38.362553 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [R.], seq 2314 , ack 173, win 237, length 0
01:08:38.362802 IP XXX.XX.XXX.4.26472 > sample-03.12345: Flags [R], seq 22970 44238, win 0, length 0
Install a more current version!
Can be caused by loads of stuff. What have you done to troubleshoot so we can focus more on a specific item?
Maybe start with a HCP health check and see if we can work from that:
https://support.checkpoint.com/results/sk/sk171436
Personally, I would upgrade to least supported version, which is currently R81 base, though I would go with R81.20, if possible.
Andy
Maybe with output of the Super Seven commands, we can provide some guidance: https://community.checkpoint.com/t5/Scripts/S7PAC-Super-Seven-Performance-Assessment-Commands/m-p/40...
However, I strongly suggest upgrading to a supported release.
From everyone,
Thank you very much for your many answers.
After contacting CheckPoint support, I learned that the problem was the monitored process.
Apply jumbo hotfix.
Take 203
ID:PRJ-28793,PRHF-18683
Product:Gaia OS
Description:In a rare scenario, a memory leak may occur in the monitord process.
Take 187
ID:PRJ-6170,PRJ-16475,PRHF-6118
Product:Gaia OS
Description:In some scenarios, the monitord process may consume high CPU. Refer to sk163614.
Install a more current version!
Can be caused by loads of stuff. What have you done to troubleshoot so we can focus more on a specific item?
Maybe start with a HCP health check and see if we can work from that:
https://support.checkpoint.com/results/sk/sk171436
Personally, I would upgrade to least supported version, which is currently R81 base, though I would go with R81.20, if possible.
Andy
Maybe with output of the Super Seven commands, we can provide some guidance: https://community.checkpoint.com/t5/Scripts/S7PAC-Super-Seven-Performance-Assessment-Commands/m-p/40...
However, I strongly suggest upgrading to a supported release.
Thank you for your reply.
I would like to upgrade the firmware too.
However, I don't have a test environment. Also, I'm using it on a delicate system, so I can't just casually upgrade it.
But now that I know that an upgrade is necessary, I would like to suggest that I upgrade my customer.
From everyone,
Thank you very much for your many answers.
After contacting CheckPoint support, I learned that the problem was the monitored process.
Apply jumbo hotfix.
Take 203
ID:PRJ-28793,PRHF-18683
Product:Gaia OS
Description:In a rare scenario, a memory leak may occur in the monitord process.
Take 187
ID:PRJ-6170,PRJ-16475,PRHF-6118
Product:Gaia OS
Description:In some scenarios, the monitord process may consume high CPU. Refer to sk163614.
Excellent!
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
16 | |
8 | |
8 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 | |
3 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY