Support Center > Search Results > SecureKnowledge Details
Kernel memory is 100% used when Application Control is enabled
Symptoms
  • The memory of the Security Gateway is full due to Kernel memory, when Application Control is enabled
    [Expert@admin]# fw ctl pstat
    System Capacity Summary:
    Memory used: 100% (17877 MB out of 17877 MB) - above watermark
    Concurrent Connections: 3% (7249 out of 199900) - below watermark
  • All web connections are originated from an internal proxy server.
  • In VSX environment, the "Virtual memory used" reaches 100%:
    [Expert@admin:2]# fw ctl pstat
    Virtual System Capacity Summary:
    Physical memory used: 48% (4300 MB out of 8899 MB) - below watermark
    Kernel memory used: 5% (487 MB out of 8803 MB) - below watermark
    Virtual memory used: 100% (4014 MB out of 4014 MB) - above watermark

  • When clearing the connections table, the kernel memory is released.
    To clear the connections table:
    [Expert@admin]# fw tab -t 8158 -x -y
    Note: Clearing the connections table causes a short outage while the connections are being re-established.
  • Clearing only the connections originated from the proxy server reduces the memory consumption of the kernel as well.
Cause

An unlimited amount of non-compliant HTTP responses causing the kernel memory to be full.


Solution
Note: To view this solution you need to Sign In .