This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
fabiofabio
Collaborator
‎2021-08-16 01:15 AM

troubleshooting consumption of resources constantly increasing

Hello,
in the last few weeks I have had an abnormal increase in resource consumption. I leave attached the screens of the consumption of ram (constantly increasing) and cpu. All this happened on the 30th of last month, when there was the scheduled log cleaning activity. In addition to the use of the cpu and ram, I noticed the increase in connections, it only increased by about 1 Mbps in the sync board towards the standby node. I asked for my assistance but they could not understand the problem. resource consumption has always remained stable and now it has gone up all of a sudden and it stays there ... the ram is going up very fast until it is saturated and the problems will start ... I have to understand the problem before that.
PS: the cpu in some graphics is very low because it averages all 12 cpus, when my license allows me to use only 4.
any suggestions?
thank you.

Labels
Preview file
46 KB
Preview file
75 KB
Preview file
48 KB
Preview file
78 KB
Preview file
114 KB
0 Kudos
10 Replies
G_W_Albrecht
Legend Legend
Legend
‎2021-08-16 01:44 AM

Did you reboot the unit in question already ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2021-08-16 08:24 AM

What version/JHF level?
Also, please provide output of the Super Seven commands: https://community.checkpoint.com/t5/Scripts/S7PAC-Super-Seven-Performance-Assessment-Commands/m-p/40...

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2021-08-17 06:36 AM

Everything looks fine to me, your firewall is not paging or swapping due to a shortage of free memory as shown by top.

Looks like normal utilization of excess memory for buffering/caching that grows over time, but that memory can be freed instantly if it is needed for code execution which happened a few times and caused the sudden drop in memory utilization in your graph.  After a reboot memory utilization will look much lower and slowly grow as it is utilized for buffering/caching; this is expected and welcome behavior as long as your firewall is not dipping into swap space. 

As Phoneboy said we need to see Super Seven outputs, especially free -m.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
fabiofabio
Collaborator
‎2021-08-17 07:05 AM
In response to Timothy_Hall

i haven't tried to restart it yet, can it really fix my problem?
however I leave attached the output of the Super Seven commands script.
thanks for the support!

Preview file
21 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2021-08-17 08:06 AM
In response to fabiofabio

The fact you have a lot of drops on eth1 is concerning and could very well be the cause of increased CPU.
Where precisely does eth1 lead?

Also, the fact you have 12 cores but are licensed for 4 means you're not able to fully utilize your appliance.
Like @Timothy_Hall said, increasing memory utilization is not necessarily indicative of an issue. 

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2021-08-17 08:15 PM
In response to fabiofabio

As Phoneboy observed there are some drops on eth1 and eth3 but they are well below 0.1% of total frames and not an immediate concern, your single SND core in the 1/3 split is also relatively idle compared your 3 firewall worker cores which are running around 60% utilization.  Not a huge amount of headroom available there and I'd agree with Phoneboy that you may want to consider licensing 8 cores which would move you to a 2/6 split. 

Your 27% F2F traffic percentage is a bit high but not ridiculous, please provide the output of enabled_blades which may explain some of that.  Everything else looks fine to me...

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
fabiofabio
Collaborator
‎2021-08-18 12:28 AM
In response to Timothy_Hall

[Expert@*******:0]# enabled_blades
fw vpn cvpn urlf appi ips identityServer SSL_INSPECT anti_bot mon vpn

 

I understand that I have few resources available but I ask you please to look again at the screen I am attaching, that sudden increase in resources It is something strange. It is not possible for an appliance to run for months and months with regular resource consumption, there is a definite pattern. and then suddenly, BOOM, from the 29th there is a SUBSTANTIVE increase in resources. it is anomalous, no doubt about it

Preview file
102 KB
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-08-18 12:40 AM
In response to fabiofabio

I would suggest a reboot or failover - an uptime of more than a month is not good for a GW 8).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Kaspars_Zibarts
Employee Employee
Employee
‎2021-08-18 12:57 AM
In response to G_W_Albrecht

@G_W_Albrecht not relevant to the topic of the tread, but I would disagree that you would need to restart GW every month, seems a bit excessive to me. Just for fun comment, back in the day we had a Nokia IP440 box with uptime over 3500 days! no memory issues... 🙂 SW in IPSO was top notch!

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-08-18 01:54 AM
In response to Kaspars_Zibarts

OK, i admit that current CP GAiA based GWs need only to be rebooted about once every quarter 😏

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events