Checkpoint-Memoryleak-Issues-due to VMalloc

Raghavendra Seshumurthy

Issue: Unable to push policy to Checkpoint firewalls

Cause: memory leak issue

Symptom: 

Firewallname> kernel: allocation failed: out of vmalloc space – use vmalloc=<size> to increase size

<Firewallname> kernel: printk: 29 messages suppressed.

<Firewallname> kernel: allocation failed: out of vmalloc space – use vmalloc=<size> to increase size

<Firewallname> kernel: [fw_0];FW-1: h_getvals: fw_kmalloc (92962728) failed

<Firewallname> kernel: [fw_0];FW-1: h_getvals: fw_kmalloc (93068568) failed

Resolution:

  1. Login to standby firewall
  2. Take a backup of /boot/grub/grub.conf
  3. Modify the vmalloc value from 256M to 512M or 768M for normal mode

Using VI editor

  1. Save the file using Esc+Shift+:
  2. Reboot the standby firewall
  3. Once standby firewall is up, verify the cluster status using

Cphaprob stat

  1. If cluster status is in active and standby
  2. Failover the traffic to rebooted device using below command

Clustexl_admin down

  1. Perform same procedure from 1 to 7.
  2. Failover the traffic back to original active device

Published by Raghavendra Seshumurthy

My name is Raghavendra Seshumurthy. Presently I am working as a technolgy manager for Microland Organization. I have experience on security/cloud products: F5, Checkpoint, ASA, PA, AWS, Bluecoat, VPN, PITC, Zscaler, Azure, GCP, network, security, cloud. This blog is created just to share thoughts on new technologies and features in the network, security and cloud environment.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s