Support Center > Search Results > SecureKnowledge Details
Memory consumption on Security Gateway with enabled Anti-Virus blade increases during inspection of CIFS traffic
Symptoms
  • Anti-Virus inspection of CIFS traffic is enabled on the Security Gateway (per sk101606).

  • Memory consumption on Security Gateway increases during inspection of CIFS traffic
    (as can be seen in SmartView Monitor, output of "fw ctl pstat" command, "cat /proc/meminfo" command, etc.).

  • Output of memory leak detection procedure (per sk35496) shows:
    ;fw_drv_fini: N bytes allocated by 'range_create' leaked at ... allocation time ...
    ;Starting SMEM allocations report
    ;FW-1: Leak in: range_create: hmem_bytes ...
    ;Ended SMEM allocations report

Solution

Check Point offers a hotfix for this issue for R77.30 Security Gateway on Gaia OS, SecurePlatform OS, and X-Series XOS.

Note: Anti-Virus inspection of CIFS traffic is disabled by default and requires manual configuration (per sk101606).

 

Click Here to Show Entire Article

 

Installation instructions

  • Hotfix package for R77.30 - Gaia OS using CPUSE (Check Point Update Service Engine)

    • Online installation

      1. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) pane - click on Status and Actions.
      2. Select the hotfix package R77.30 Hotfix for sk106334 (Memory consumption during Anti-Virus inspection of CIFS traffic) - click on Install Update button on the toolbar.
      3. The machine will automatically reboot. There is no need to reboot or run cpstop manually.


    • Offline installation

      OS R77.30
      Gaia - CPUSE

    Notes:



  • Hotfix package for R77.30 - Gaia OS (manual installation in Command Line)

    OS R77.30
    Gaia - CLI

    Procedure:

    1. Hotfix has to be installed on R77.30 Security Gateway running on Gaia OS.
    2. Download the relevant hotfix package from the table, transfer the hotfix package to the machine and unpack it:
      [Expert@HostName]# tar -zxvf Check_Point_Hotfix_R77.30_Gaia_sk106334.tgz
    3. Install the hotfix:
      [Expert@HostName]# ./UnixInstallScript
      Note: The script will stop all of Check Point services ('cpstop') - read the output on the screen.
    4. Reboot is required.

    Notes:

    • Make sure to take a snapshot of your Check Point machine before installing this hotfix.
    • In cluster environment, this procedure must be performed on all members of the cluster.


  • Hotfix package for R77.30 - SecurePlatform OS / X-Series XOS

    OS R77.30
    SecurePlatform / XOS - CLI

    Procedure:

    1. Download the relevant hotfix package from the table, transfer the hotfix package to the machine and unpack it:
      [Expert@HostName]# tar -zxvf Check_Point_Hotfix_R77.30_Linux_sk106334.tgz
    2. Install the hotfix:
      [Expert@HostName]# ./UnixInstallScript
      Note: The script will stop all of Check Point services ('cpstop') - read the output on the screen.
    3. Reboot is required.

    Notes:

    • Make sure to take a snapshot of your Check Point machine running on SecurePlatform OS before installing this hotfix.
    • In cluster environment, this procedure must be performed on all members of the cluster.

 

Uninstall instructions

  • On Gaia OS using CPUSE (Check Point Update Service Engine)

    1. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) pane - click on Status and Actions.
    2. Select Installed in the menu near the Help icon.
    3. Select the hotfix package R77.30 Hotfix for sk106334 (Memory consumption during Anti-Virus inspection of CIFS traffic) - click on More button on the toolbar - click on Uninstall.
      Example:
    4. Reboot is required.

    Notes:



  • On Gaia OS, SecurePlatform OS, and X-Series XOS

    1. Download and unpack the hotfix package (refer to the "Installation instructions" (manual installation in Command Line) above).
    2. Run the installation script with "-u" flag:
      # ./UnixInstallScript -u
    3. Reboot is required.

    Note: In cluster environment, this procedure must be performed on all members of the cluster.
Applies To:
  • 01685214 , 01687428 , 01688397 , 01693432

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment