Create a Post
Showing results for 
Search instead for 
Did you mean: 

What uses the memory in firewalls ? Issue with memory

Hi all

i had an issue with the memory near 100% full on my 15400 firewall this week, a reboot solved it.

my question is, what uses most the memory in firewalls? There is around 4 gig used normally, in this case 7 gig was used and the firewall was dropping connections.

do the more blades you run consume more memory? Can you tell from cpview which blade is consuming it?


0 Kudos
1 Reply

It is normal to see high memory utilization on a firewall that has been running for a long time, as spare memory is used for buffering and caching of disk operations which tend to build up over time.  Memory used for buffering/caching can be freed at any time if the kernel needs it.  Run free -m to see how much memory is used for code execution vs. buffering & caching.  

If there is truly high memory utilization that cannot be attributed to buffering/caching, running top and hitting M will show the processes consuming the most memory in process/user space.  You can identify the different processes and their responsibilities here: sk97638: Check Point Processes and Daemons

If memory utilization is high and it cannot be attributed to processes or buffering/caching, that means the kernel is consuming a large amount of memory.  Because kernel memory cannot be swapped to disk and must reside in RAM at all times, a side effect of high kernel memory utilization will be the use of swap space by processes as there is not enough RAM for them (free -m to see this). 

To see if the kernel is running short on memory run fw ctl pstat and look for "failures".  It is possible to get some insight into memory consumption inside the kernel on a per-blade basis, see the following screens in cpview:

  • Advanced.Memory.Overview
  • Advanced.Memory.Contexts
New 2021 IPS/AV/ABOT Self-Guided Video Series
now available at
0 Kudos