High memory utilization on Security Gateway during Anti-Virus scan of large files transferred over HTTP

Support Center > Search Results > SecureKnowledge Details

Solution ID	sk107384
Product	Anti-Virus
Version	R77.20, R77.30
OS	SecurePlatform 2.6, Gaia, Crossbeam XOS, IPSO 6.2
Platform / Model	All
Date Created	21-Aug-2015
Last Modified	03-Sep-2019

Symptoms

SmartView Monitor shows high memory utilization on Security Gateway.
Output of "fw ctl pstat" command on Security Gateway shows high memory utilization in "System Capacity Summary" section ("above watermark").
Analysis of Connections Table on Security Gateway during the issue (using the ConnStat tool per sk85780) shows that Top Services are HTTP (port 80) and HTTPS (port 443).
Kernel memory leak procedure (sk35496) shows 0 bytes leak.
Output of "top" command / "ps auxw" command shows that memory consumption by WSTLSD process is high and constantly increases.
Traffic latency, CPU consumption and memory consumption are gradually increased.

Cause

The problem is experienced when Anti-Virus blade is enabled and there are long connections with many HTTP sessions with files transferred to Server and back.

HTTP connections with POST session has caused the above issue due to improper handling of a session information by the Anti-Virus blade - session was not closed until the entire connection has ended.

Solution

Note: To view this solution you need to Sign In .