After giving up on debugging the issue we leave it alone and let business happen.

But we have had all three VM's exhibit this same issue. So I am thinking if we were to run it on the other box after the move it would do the same. 

It has us at a point where we don't even want to login to the devices lol. 

We have ran into this issue trying to troubleshoot our Stealth rule dropping proxy traffic that is heading out to the internet.

I have checked and the logs say it is going out but zdebug says it is being dropped so CheckPoint wants to run a debug and  since we have had so many strange issues we asked CheckPoint to assist. 

As soon as they ran the buffer it stopped responding to commands

fw ctl debug 0

fw ctl debug -buf 32000 -v 4

Rather than assuming what would happen on the other node on a fail over, you should actually do it and confirm what the behavior is.

Also, please send me the case # in a PM.

If increasing the buffer size causes issues I think I would start at looking at things like:

fw ctl pstat

As it seems to indicate the unit is running out of memory of sorts when you increase the debug buffers.

It would seem to be that but we have 64 Gig total and 55 Gig free.

These are model 15600

It's also possible it may be some sort of memory-related hardware issue.

This is one of the reasons I suggest actually failing over and seeing if the problem reproduces.

it has happened on two of the three machines.

We are in a change freeze right now, we are looking at a date next week.

we have a two hour window to troubleshoot the issue. I have someone from checkpoint that is going to be on the call.

we are going to reboot all three machines at the same time.

So I am looking for ideas on how to trouble shoot this issue.

I am looking at getting some stuff up and running before we set the buffer size like cpview top

But we have seen this on node one and three.

Thanks for any suggestions, they all are welcome

Tom

I was asked to check the vs_bits -stat

Houston I think we have a problem lol ;?)

[Expert@sef-cp-vsxn1:0]# vs_bits -stat

All VSs are at 32 bits

[Expert@sef-cp-vsxn1:0]# vsenv 4

Context is set to Virtual Device sef-cp-vsxn1_SEF-CP-VS-Internet (ID 4).

[Expert@sef-cp-vsxn1:4]# vs_bits -stat

All VSs are at 32 bits

[Expert@sef-cp-vsxn1:4]#

I don't think it would hurt anything to change VS Bits to 64 (though it requires a reboot, so you'd have to do it in an outage window).

yeah, next week we will find out, we are going to change to 64 reboot and then do the debugs.

I will keep the -vs in mind if we have an issue we will change that.

So we are going to R80.20 for the Microsoft office 365 (Stuff).

We are also hoping that the SecureXL changes fix the ' connection not found' we are seeing sk101134

we are still having to play shuffle the firewalls around if we do not we start having issues down the road like there is a mem leak of some kind. 

or maybe it is some table that is not being cleaned up and it runs out of room. Not sure but it will run without any issues for a few days and then it just starts dropping traffic.

fw ctl zdebug drop | grep ' connection not found'

[kern];[tid_29];[fw4_0];fw_log_drop_conn: Packet <dir 1, someIP -> SomeIP>, dropped by handle_outbound_pac, Reason: connection not found;

we are running a lot more mem on the firewalls so I am thinking this might be an issue for our config

the device did become unresponsive after running the buffer size command, twice

This was ran by checkpoint and it failed right after that

Upgrading the Management and then the Firewalls has fixed the issue with debug. we are able to run debug on the firewalls.

Sorry for the delay in the reply.  <6-0001071745>

We are still unable to run debug of any kind. it locks up pretty much but we are able to run cpstop and cpstart and get it back to running.'

We have discovered this error 

sk101134

SecureXL drops traffic with "... dropped by handle_outbound_pac, Reason: connection not found"