This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Supporto_Checkp
Collaborator
‎2022-11-30 11:32 AM

VSX - Single Virtual System abnormal use of RAM

Hi

I've a VSX Cluster ( simple HA beacuse the customer """"doesn't trust"""" VSLS ..... ) with R80.40 Take 180, this node is a 15400 with 24gb ram

This Cluster hosts 29 virtual firewall ; each one is not heavily loaded ; they are limited to 4000 connection but have peaks of 600,

One of them ( VS 22 ) is using a lot of ram compared to the others

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+  P COMMAND

5027 admin      0 -20 5858644 4.470g  68604 S   1.0 **19.3***  18:48.70  2 **fwk22**_dev_0

11572 admin      0 -20 3474088 2.192g 595908 S   5.9  9.4 161:28.40 10 fwk0_dev_0

11558 admin     20   0  674568 658216 466092 S   0.0  2.7   0:00.88  3 fwk_forker

1926 admin      0 -20 1746652 574500 101184 S   1.0  2.4 193:13.77  1 fwk29_dev_0

5003 admin      0 -20 1570108 398056  90040 S   2.0  1.6  26:27.92  2 fwk16_dev_0

5084 admin      0 -20 1553780 381844  89584 S   1.0  1.6  22:25.49  3 fwk20_dev_0

5078 admin      0 -20 1547356 374484  88764 S   1.0  1.5   9:20.74  3 fwk10_dev_0

VS22 is not under heavy load ...

I've tried switching the cluster but the active node start allocating a lot of ram to VS22 ...
the same after a reboot...it start with a normal allocation and slowly increase and increase and increase....two days ago this VS used all the ram ...leaving only 97 MB free ...( I had to reboot the node )
The only active blade on that VS the Firewall Blade ,there are 30 policies and 10 manual nat...nothing strange.

Any advice?  thx! 🙂

I forgot to say that even today we had a little use of swap ...almost 170MB,but before the reboot when I had the "97mb situation" it used swap file for almost 2300MB

Labels
0 Kudos
9 Replies
Bob_Zimmerman
Authority
Authority
‎2022-11-30 11:49 AM

97 MB free measured how? That sounds about right for a healthy Linux system measured via 'free -h' or 'top'.

0 Kudos
Supporto_Checkp
Collaborator
‎2022-11-30 12:04 PM
In response to Bob_Zimmerman

I used cpview 

it wasn't fine , it was swapping a lot ,over 2300mb of swap.

0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-30 02:15 PM

Sounds like a possible memory leak.
Please open a TAC case if you haven’t already.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-11-30 05:05 PM

For information the 15400s RAM can also be expanded where required, this may provide some longevity / short term mitigation whilst you investigate other possible causes.

CCSM R77/R80/ELITE
0 Kudos
Supporto_Checkp
Collaborator
‎2022-12-01 12:18 AM
In response to Chris_Atkinson

I know,but this is not an answer ...and should not be an advice., we don't find ram modules under the pillow..

extra ram need extra money and time to receive it and install it .

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-12-01 12:23 AM
In response to Supporto_Checkp

Indeed, the quickest path to resolution is to investigate with TAC. 

CCSM R77/R80/ELITE
0 Kudos
Martin_Hofbauer
Contributor
Contributor
‎2022-12-01 06:28 AM

We had a very similar thing,

In our case ( also VSX), we experienced a hanging Python script ("ifi_server" ).

see also

https://community.checkpoint.com/t5/Security-Gateways/Memory-Lost-from-40GB-Free-64GB-to-1GB-in-one-...

you can also see it with "hcp"  under "Top user-space processes (aggregated by name)"

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-12-01 06:54 AM
In response to Martin_Hofbauer

To my knowledge this issue would only be relevant where AV/TE is enabled.

CCSM R77/R80/ELITE
0 Kudos
Supporto_Checkp
Collaborator
‎2022-12-01 07:01 AM
In response to Chris_Atkinson

nothing similar ,really simple firewall with only the firewall blade

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    In-Person

    Tue 25 Mar 2025 @ 09:00 AM (EDT)

    Canada In-Person Cloud Security with Hands-On CloudGuard Workshops!
    In-Person

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap
    In-Person

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events
    li.common.scroll-to.top