Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Lincoln_Webber
Participant

fw monitor stops working after upgrade to R80.40

Hi Guys,

We upgrade our R80.30 VSX cluster to R80.40 JHF Take 45 over the weekend and fw monitor complains that it cant allocate buffer then throws me back to the shell. See the screenshot for the actual messages.

Has anyone experienced this of has insight into the cause and solution?

fw_monitor_error.PNG

5 Replies
HeikoAnkenbrand
Champion Champion
Champion

Hi @Lincoln_Webber,

Add your VS to fw monitor:

fw monitor -v <vsx instance> -e "accept(host ...);"

Specifies the capture filter (for both accelerated and non-accelerated traffic):

-F "<Source IP>,<Source Port>,<Dest IP>,<Dest Port>,<Protocol Number>"

If that doesn't help, I'd open a TAC case.

PS:
With R80.40 fw monitor works slightly different than in older versions. Showing list of chain modules with the "fw monitor", when you do not change the default capture positions:

in chain (17):
0: -7fffffff (0000000000000000) (00000000) SecureXL inbound (sxl_in)
1: -7ffffffe (0000000000000000) (00000000) SecureXL inbound CT (sxl_ct)
2: -7f800000 (ffffffff8b6718c0) (ffffffff) IP Options Strip (in) (ipopt_strip)
3: -70000000 (ffffffff8b6774d0) (ffffffff) fwmonitor (i/f side)
4: - 1fffff8 (ffffffff8b66f6f0) (00000001) Stateless verifications (in) (asm)
5: - 1fffff7 (ffffffff8b66f210) (00000001) fw multik misc proto forwarding
6: 0 (ffffffff8b8506a0) (00000001) fw VM inbound (fw)
7: 2 (ffffffff8b671d10) (00000001) fw SCV inbound (scv)
8: 4 (ffffffff8b061ed0) (00000003) QoS inbound offload chain module
9: 5 (ffffffff8b564d30) (00000003) fw offload inbound (offload_in)
10: 10 (ffffffff8b842710) (00000001) fw post VM inbound (post_vm)
11: 100000 (ffffffff8b7fd6c0) (00000001) fw accounting inbound (acct)
12: 22000000 (ffffffff8b0638d0) (00000003) QoS slowpath inbound chain mod (fg_sched)
13: 70000000 (ffffffff8b6774d0) (ffffffff) fwmonitor (IP side)
14: 7f730000 (ffffffff8b3c40b0) (00000001) passive streaming (in) (pass_str)
15: 7f750000 (ffffffff8b0e5b40) (00000001) TCP streaming (in) (cpas)
16: 7f800000 (ffffffff8b671870) (ffffffff) IP Options Restore (in) (ipopt_res)

out chain (16):
0: -7f800000 (ffffffff8b6718c0) (ffffffff) IP Options Strip (out) (ipopt_strip)
1: -70000000 (ffffffff8b6774d0) (ffffffff) fwmonitor (i/f side)
2: - 1fffff0 (ffffffff8b0d0190) (00000001) TCP streaming (out) (cpas)
3: - 1ffff50 (ffffffff8b3c40b0) (00000001) passive streaming (out) (pass_str)
4: - 1f00000 (ffffffff8b66f6f0) (00000001) Stateless verifications (out) (asm)
5: - 1ff (ffffffff8aeec0a0) (00000001) NAC Packet Outbound (nac_tag)
6: 0 (ffffffff8b8506a0) (00000001) fw VM outbound (fw)
7: 10 (ffffffff8b842710) (00000001) fw post VM outbound (post_vm)
8: 15000000 (ffffffff8b062540) (00000003) QoS outbound offload chain modul (fg_pol)
9: 21000000 (ffffffff8b0638d0) (00000003) QoS slowpath outbound chain mod (fg_sched)
10: 70000000 (ffffffff8b6774d0) (ffffffff) fwmonitor (IP side)
11: 7f000000 (ffffffff8b7fd6c0) (00000001) fw accounting outbound (acct)
12: 7f700000 (ffffffff8b0e4660) (00000001) TCP streaming post VM (cpas)
13: 7f800000 (ffffffff8b671870) (ffffffff) IP Options Restore (out) (ipopt_res)
14: 7f900000 (0000000000000000) (00000000) SecureXL outbound (sxl_out)
15: 7fa00000

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Ilya_Yusupov
Employee
Employee

Hi @Lincoln_Webber ,

 

Can you share the exact command you used for fw monitor? it's not seen in the screenshot.

Also any chance that you run some debug on the system before running the fw monitor command?

 

In general looks like your buffer is full this is why the fw monitor is not able to load.

0 Kudos
Lincoln_Webber
Participant

Hi Ilya,
The command is in the first line of the screenshot (fw monitor -e 'accept host(x.x.x.x);'
0 Kudos
Ilya_Yusupov
Employee
Employee

Hi @Lincoln_Webber ,

 

i tried same command in my lab and it works, as i mention before it looks like buffer issue.

Are you sure you don't have any debugs turned on? 

0 Kudos
Lincoln_Webber
Participant

Hey Heiko,

I got it to run by adding the -v option.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events