I just hit the same issue on a SPLAT R75.20 box. SmartView Monitor showed 3+ GB of Virtual Memory Active which seemed way high. A cpstop;cpstart on the firewall dropped the SmartView Monitor number to just over 1 GB and policies installed fine again. The box had been up for about 320 days.
> Date: Thu, 15 Nov 2012 17:08:28 +0000 > From: bruce.warring...@acxiom.com > Subject: Re: [FW-1] Load on memory error again and again > To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM > > I've run into the same problem at R71. Sometimes a reboot would clear out > memory leaks and let me push policy for a few weeks, but as it memory leaked > its way back up, I couldn't install policy again shortly thereafter. > Apparently at that point it was close to the default memory limit. I wasn't > doing IPS blade updates very often, but after doing my last IPS update about > 6 months ago, it wouldn't install policy at all, even after a clean reboot, > so that put it over the edge with whatever was added. > > Fixing the parameter in grub.conf to increase it to 512M, and rebooting, > fixed it for me. I can install policy without problems after that. What > I've noticed though is that the 512M parameter needs to be checked, as I've > lost that setting and had to add it back and reboot to be able to install > policy again. Not sure what specific work was done on the box that caused > grub.conf to be overwritten (we have a multiple engineers supporting > firewalls) but I just check it before bouncing the firewalls now, to make > sure it's still in there as my own (paranoid) verification after having it > disappear on some boxes. > > Note that going to R75 is supposed to change the default higher, so it > shouldn't require the manual change to keep it working, but I can't get an > upgrade window in on this customer for some time yet to validate that. > > > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM] On Behalf Of a bv > Sent: Thursday, November 15, 2012 01:32 > To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM > Subject: [FW-1] Load on memory error again and again > > Hi, > > On an R70 SPLAT these days i started to get the load on memory error and fail > again the policy installation fails. I tried many times again and again but > couldnt done via Smartdashboard . I found a new sk on CP support and read > there and edited the grub.conf file to increase the vmalloc parameter from > 256 Mb to 512 MB. But since still cant easily reboot the only production > gateway i couldnt see if the parameter is really cahned and the policy > installation working now. (And also in the past when i see these kind of > errors and only reboot the machine for a time i dont get these errors). Also > still when it works still the policy installation phase is very long. I also > in the need of installaing the policy now both for changing some client IP > addresses and added a new GUI client IP which seems that it will work after i > install the policy. Also am i able to install policy from the shell with a > command ? Will it work and apply the latest changes to policy without a > problem? What ! > are your suggestions to fix these problems and situation? > > Regards > > ================================================= > To set vacation, Out-Of-Office, or away messages, send an email to > lists...@amadeus.us.checkpoint.com > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your subscription options, email > fw-1-ow...@ts.checkpoint.com ================================================= > *************************************************************************** > The information contained in this communication is confidential, is > intended only for the use of the recipient named above, and may be legally > privileged. > > If the reader of this message is not the intended recipient, you are > hereby notified that any dissemination, distribution or copying of this > communication is strictly prohibited. > > If you have received this communication in error, please resend this > communication to the sender and delete the original message or any copy > of it from your computer system. > > Thank You. > **************************************************************************** > > > Email secured by Check Point > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to lists...@amadeus.us.checkpoint.com > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > fw-1-ow...@ts.checkpoint.com > ================================================= Email secured by Check Point ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com =================================================