This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Christophe_SIEB
Participant
‎2018-02-12 12:49 PM

Memory status shows red color on management server

Hello, the memory status on the management server for the active gateway of a cluster is red (83%), although high memory consumption in the gateway does not seem to be a concern as far as Gaia uses the maximum available memory for buffers/ cache. What do you think ? Why is the management server showing this situation as an alert ?

Version R80.10 Take_70 for all systems

#free - m

Mem: total:7744 used: 7405 free:339 shared:0 buffers:25 cached:953

-/+ buffers/cache: used: 6426 free: 1318

Swap: total: 18394 used:0 free: 18394.

Thanks

Christophe

0 Kudos
13 Replies
Vladimir
Champion
Champion
‎2018-02-12 02:35 PM

It may be related to the caching of incorrect information by the management server. Take a look here: https://community.checkpoint.com/message/13131-re-clusterxl-on-take70-does-not-function-properly?com... 

0 Kudos
Christophe_SIEB
Participant
‎2018-02-12 11:00 PM
In response to Vladimir

The point is the information seems correct.

If I use the numbers of the free-m command: 6426/7744 represents 83 % of used RAM.

The interface in the SMS is somewhat disturbing (see picture) as it appears as a critical state.

Thanks

0 Kudos
G_W_Albrecht
Legend
Legend
‎2018-02-13 12:18 AM
In response to Christophe_SIEB

Maybe this is just the red mark for: we are above 80% memory, better no high traffic situation comes around. I would suggest to go up to R80.10 Take_70 # SmartConsole Build 024  asap

CCSE CCTE SMB Specialist
0 Kudos
Vladimir
Champion
Champion
‎2018-02-13 06:47 AM
In response to Christophe_SIEB

In which case it makes perfect sense. It is not critical until there is a spike in traffic and, depending on the blades you have enabled, it very well may prove detrimental to overall system stability.

There is probably a way to adjust the threshold parameters for RAM, but I would not recommend doing it.

0 Kudos
Christophe_SIEB
Participant
‎2018-02-13 07:10 AM
In response to Vladimir

Thank you Vladimir and Guenther.

0 Kudos
Christophe_SIEB
Participant
‎2018-02-17 01:23 AM

Hello, today (not a business day) the free -m command outputs:
Mem: total: 7744 used: 7285 free: 459 shared: 0 buffers: 25 cached: 977
-/+buffers/cache: used: 6281 free: 1463
swap: total: 18394 used: 1385 free: 17009
So the gateway started to swap.
Looking at the top command, wstlsd is the process that seems to consume memory.


We are investigating.

0 Kudos
Timothy_Hall
Champion
Champion
‎2018-02-17 06:36 AM
In response to Christophe_SIEB

You must have taken these most recent screenshots/statistics on your firewall (not SMS as mentioned earlier in this thread) or you are running standalone.  You may want to start a different thread to avoid confusion as use of memory is quite different on a SMS vs. firewall.

wstlsd handles HTTPS negotiations associated with HTTPS Inspection (if enabled) or the "Categorize HTTPS Sites" checkbox if it is set.  It is normal for these processes to use a fair amount of memory.  There are two of them so it appears you have 2 Firewall Worker cores, which probably indicates your firewall has a total of 2 physical cores (at least with the default settings).  I'm guessing you have a 5100-5400, please confirm.

You have 8GB of RAM being reported, please confirm that Gaia is running in 64-bit mode.

The 1385 being reported by free -m indicates that at some point the firewall dipped into swap space (probably during a policy install) but does not mean the firewall is actively swapping right now (wa being 0.0% is a good indication that it is not).  Use sar -W to determine this for sure, and please see my posts about it in this thread:

Healthcheck script results 

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
Christophe_SIEB
Participant
‎2018-02-17 10:46 AM
In response to Timothy_Hall

Thank you Tim, I started a new thread https://community.checkpoint.com/thread/6930-why-is-memory-swapping-on-the-gateway and gave answers to your questions. I'm very new to Check Point product (but already bought your very useful book). Will execute healthcheck script next week to have more ideas about what's going on and to know if we are properly tuned.

0 Kudos
Dmitriy_Chazov
Contributor
‎2018-07-10 11:26 PM

Hi all.
What configuration actions need to be configured to reduce the load on the device's memory.

I have 5400 included the following blades:

FW, AP, URL, Content Awareness, Monitoring
IPS, Anit-bot, Anti-virus, TE

Smart Event Server

Smart Event Correlation

 

I make a CheckUp

Thacks

0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-10 11:58 PM
In response to Dmitriy_Chazov

Doesn't sound like you have a separate management appliance.

If that's the case, I would strongly consider moving management/SmartEvent off to a separate appliance or VM.

How much RAM is in your 5400?

0 Kudos
Dmitriy_Chazov
Contributor
‎2018-07-11 12:18 AM
In response to PhoneBoy

Yes, all on one device. There is no way to deploy separate management.

8GB

0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-11 05:41 AM
In response to Dmitriy_Chazov

If you cannot break SmartEvent and Management off to a different system, I recommend adding additional RAM to your 5400.

0 Kudos
Dmitriy_Chazov
Contributor
‎2018-07-12 06:01 AM
In response to PhoneBoy

Thanks, but these options are not right for the moment

0 Kudos