Monday, April 17, 2017

Check Point Firewall Memory Issue

During a regular firewall health check, I found that one Check Point firewall cluster had abnormal virtual memory usage in the System Counters - System History view. The cluster is a 5600 Security Appliance.

It looks like the memory usage has been going up significantly recently. There have been no recent changes to hardware, software or configuration except normal firewall changes. I am afraid the Check Point gateway will freeze after this counter reaches a certain high number, based on some SKs such as sk66482, sk110362.

sk35496 has a bunch of methods to detect memory leaks. In my case, the fix was simple: I just installed the latest Jumbo Hotfix 205 for R77.30.

Here are some screenshots I took from SmartView Monitor:
Last 30 Days

Last 6 Months

The suggestion I got from Check Point was to apply the latest Jumbo Hotfix 205 rather than the existing Jumbo Hotfix 159.

Install Latest Jumbo Hotfix from CPUSE

I had to uninstall Jumbo Hotfix 159 first. Unfortunately, uninstalling Jumbo Hotfix 159 failed from CPUSE.
Installation Failure
Uninstall Hotfix Failed

I had another post regarding "How to uninstall a CheckPoint Hotfix after a failed installation". But in this case, the cause was that the hotfix for sk112829 had been installed after Jumbo Hotfix 159 was applied. After I uninstalled the hotfix for sk112829, the uninstall of Jumbo Hotfix 159 was able to complete. The installation of Jumbo Hotfix 205 was successful too.

After waiting a couple of days, I checked and the used virtual memory is normal now.
Check Point Firewall System Counters History

Security Gateway freezes due to memory leak (simi_mem_halloc, uc_hits_htab, uc_cache_htab)
Memory leak on loaded Security Gateway with UserCheck rules in the policy
Memory usage constantly increases on Security Gateway without results from memory leak detection procedure (sk35496)
