This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
carl_t
Contributor
‎2020-10-31 05:29 AM

What uses the memory in firewalls ? Issue with memory

Hi all

i had an issue with the memory near 100% full on my 15400 firewall this week, a reboot solved it.

my question is, what uses most the memory in firewalls? There is around 4 gig used normally, in this case 7 gig was used and the firewall was dropping connections.

do the more blades you run consume more memory? Can you tell from cpview which blade is consuming it?

cheers

0 Kudos
1 Reply
Timothy_Hall
Legend Legend
Legend
‎2020-10-31 06:40 AM

It is normal to see high memory utilization on a firewall that has been running for a long time, as spare memory is used for buffering and caching of disk operations which tend to build up over time.  Memory used for buffering/caching can be freed at any time if the kernel needs it.  Run free -m to see how much memory is used for code execution vs. buffering & caching.  

If there is truly high memory utilization that cannot be attributed to buffering/caching, running top and hitting M will show the processes consuming the most memory in process/user space.  You can identify the different processes and their responsibilities here: sk97638: Check Point Processes and Daemons

If memory utilization is high and it cannot be attributed to processes or buffering/caching, that means the kernel is consuming a large amount of memory.  Because kernel memory cannot be swapped to disk and must reside in RAM at all times, a side effect of high kernel memory utilization will be the use of swap space by processes as there is not enough RAM for them (free -m to see this). 

To see if the kernel is running short on memory run fw ctl pstat and look for "failures".  It is possible to get some insight into memory consumption inside the kernel on a per-blade basis, see the following screens in cpview:

  • Advanced.Memory.Overview
  • Advanced.Memory.Contexts
Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events