This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
George_Ellis
Advisor
3 weeks ago

Uptime Restart practice

I do not see this metric included anywhere.  Hence, the query for the community.

What would be a reasonable length of time before we would consider restarting a gateway?

Days in the past (I started with R55), we generally accepted 180 days of uptime as being a candidate for restarting a gateway.  Memory leaks, heap issues, errant code, and other strange things tended to destabilize a box over time.  Issues were avoided, especially before an upgrade, by restarting a gateway before changes were made.

What would you consider a reasonable uptime to target restarts?  Or is that considered an issue anymore (I think it still is)?

0 Kudos
2 Replies
Bob_Zimmerman
Authority
Authority
3 weeks ago

I've had firewalls which have run for over eight years with no reboots. That was mostly because the applications which sent traffic through them had conflicting windows for potentially-disruptive changes, and we could never get a window from all of them at the same time.

Long uptime gives me hives because it means you haven't recently tested to be sure the firewall can come back up after losing power. I've had a few datacenter-wide power outages (fire in the power distribution room, state superconducting grid outages, etc.). Every time, some system which has been too critical to maintain hasn't come back up. Most of the times, they're not one of my systems, but a few have been.

Today, we install a jumbo every 180 days at most, and I'm working towards every 90 days. For years, the first response on every ticket we opened was "You're on an old version. Jumbos include a lot of fixes. Try updating the jumbo and tell us if the issue is still present." Since we've gotten serious about more frequent updates, we get that a lot less, and every ticket spends a week less dealing with that kind of boilerplate. The work to let us update more frequently (e.g, finding and eliminating differences between cluster members) has also led to much greater overall reliability on our firewalls.

0 Kudos
George_Ellis
Advisor
3 weeks ago
In response to Bob_Zimmerman

We have a goal to get to "always on recommended".  Not there yet.

Sidebar - At a former employer, we had some Sun gateways.  The hardware was "end of Ebay" (there is end of life, end of support, and end of EBay - parts can no longer be found even on Ebay).  No restart as the hard drives would probably not restart if they were rebooted.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events