Re: [FW-1] Load on memory error again and again
I've run into the same problem at R71. Sometimes a reboot would clear out memory leaks and let me push policy for a few weeks, but as it memory leaked its way back up, I couldn't install policy again shortly thereafter. Apparently at that point it was close to the default memory limit. I wasn't doing IPS blade updates very often, but after doing my last IPS update about 6 months ago, it wouldn't install policy at all, even after a clean reboot, so that put it over the edge with whatever was added. Fixing the parameter in grub.conf to increase it to 512M, and rebooting, fixed it for me. I can install policy without problems after that. What I've noticed though is that the 512M parameter needs to be checked, as I've lost that setting and had to add it back and reboot to be able to install policy again. Not sure what specific work was done on the box that caused grub.conf to be overwritten (we have a multiple engineers supporting firewalls) but I just check it before bouncing the firewalls now, to make sure it's still in there as my own (paranoid) verification after having it disappear on some boxes. Note that going to R75 is supposed to change the default higher, so it shouldn't require the manual change to keep it working, but I can't get an upgrade window in on this customer for some time yet to validate that. -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM] On Behalf Of a bv Sent: Thursday, November 15, 2012 01:32 To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] Load on memory error again and again Hi, On an R70 SPLAT these days i started to get the load on memory error and fail again the policy installation fails. I tried many times again and again but couldnt done via Smartdashboard . I found a new sk on CP support and read there and edited the grub.conf file to increase the vmalloc parameter from 256 Mb to 512 MB. But since still cant easily reboot the only production gateway i couldnt see if the parameter is really cahned and the policy installation working now. (And also in the past when i see these kind of errors and only reboot the machine for a time i dont get these errors). Also still when it works still the policy installation phase is very long. I also in the need of installaing the policy now both for changing some client IP addresses and added a new GUI client IP which seems that it will work after i install the policy. Also am i able to install policy from the shell with a command ? Will it work and apply the latest changes to policy without a problem? What ! are your suggestions to fix these problems and situation? Regards = To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com = *** The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please resend this communication to the sender and delete the original message or any copy of it from your computer system. Thank You. Email secured by Check Point = To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com =
Re: [FW-1] Load on memory error again and again
I just hit the same issue on a SPLAT R75.20 box. SmartView Monitor showed 3+ GB of Virtual Memory Active which seemed way high. A cpstop;cpstart on the firewall dropped the SmartView Monitor number to just over 1 GB and policies installed fine again. The box had been up for about 320 days. Date: Thu, 15 Nov 2012 17:08:28 + From: bruce.warring...@acxiom.com Subject: Re: [FW-1] Load on memory error again and again To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM I've run into the same problem at R71. Sometimes a reboot would clear out memory leaks and let me push policy for a few weeks, but as it memory leaked its way back up, I couldn't install policy again shortly thereafter. Apparently at that point it was close to the default memory limit. I wasn't doing IPS blade updates very often, but after doing my last IPS update about 6 months ago, it wouldn't install policy at all, even after a clean reboot, so that put it over the edge with whatever was added. Fixing the parameter in grub.conf to increase it to 512M, and rebooting, fixed it for me. I can install policy without problems after that. What I've noticed though is that the 512M parameter needs to be checked, as I've lost that setting and had to add it back and reboot to be able to install policy again. Not sure what specific work was done on the box that caused grub.conf to be overwritten (we have a multiple engineers supporting firewalls) but I just check it before bouncing the firewalls now, to make sure it's still in there as my own (paranoid) verification after having it disappear on some boxes. Note that going to R75 is supposed to change the default higher, so it shouldn't require the manual change to keep it working, but I can't get an upgrade window in on this customer for some time yet to validate that. -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM] On Behalf Of a bv Sent: Thursday, November 15, 2012 01:32 To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] Load on memory error again and again Hi, On an R70 SPLAT these days i started to get the load on memory error and fail again the policy installation fails. I tried many times again and again but couldnt done via Smartdashboard . I found a new sk on CP support and read there and edited the grub.conf file to increase the vmalloc parameter from 256 Mb to 512 MB. But since still cant easily reboot the only production gateway i couldnt see if the parameter is really cahned and the policy installation working now. (And also in the past when i see these kind of errors and only reboot the machine for a time i dont get these errors). Also still when it works still the policy installation phase is very long. I also in the need of installaing the policy now both for changing some client IP addresses and added a new GUI client IP which seems that it will work after i install the policy. Also am i able to install policy from the shell with a command ? Will it work and apply the latest changes to policy without a problem? What ! are your suggestions to fix these problems and situation? Regards = To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com = *** The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please resend this communication to the sender and delete the original message or any copy of it from your computer system. Thank You. Email secured by Check Point = To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
