The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Kernel memory is 100% used when Application Control is enabled
| Solution ID |
sk117914 |
| Product |
Application Control, Security Gateway |
| Version |
R77.30 |
| OS |
Gaia |
| Platform / Model |
All |
| Date Created |
19-Jun-2017
|
| Last Modified |
20-Jun-2017
|
Symptoms
- The memory of the Security Gateway is full due to Kernel memory, when Application Control is enabled
[Expert@admin]# fw ctl pstat
System Capacity Summary:
Memory used: 100% (17877 MB out of 17877 MB) - above watermark
Concurrent Connections: 3% (7249 out of 199900) - below watermark
- All web connections are originated from an internal proxy server.
- In VSX environment, the "Virtual memory used" reaches 100%:
[Expert@admin:2]# fw ctl pstat
Virtual System Capacity Summary:
Physical memory used: 48% (4300 MB out of 8899 MB) - below watermark
Kernel memory used: 5% (487 MB out of 8803 MB) - below watermark
Virtual memory used: 100% (4014 MB out of 4014 MB) - above watermark
- When clearing the connections table, the kernel memory is released.
To clear the connections table:
[Expert@admin]# fw tab -t 8158 -x -y
Note: Clearing the connections table causes a short outage while the connections are being re-established.
- Clearing only the connections originated from the proxy server reduces the memory consumption of the kernel as well.
Cause
An unlimited amount of non-compliant HTTP responses causing the kernel memory to be full.
Solution
|
Note: To view this solution you need to
Sign In
.
|
