Issue: Unable to push policy to Checkpoint firewalls
Cause: memory leak issue
Symptom:
Firewallname> kernel: allocation failed: out of vmalloc space – use vmalloc=<size> to increase size
<Firewallname> kernel: printk: 29 messages suppressed.
<Firewallname> kernel: allocation failed: out of vmalloc space – use vmalloc=<size> to increase size
<Firewallname> kernel: [fw_0];FW-1: h_getvals: fw_kmalloc (92962728) failed
<Firewallname> kernel: [fw_0];FW-1: h_getvals: fw_kmalloc (93068568) failed
Resolution:
- Login to standby firewall
- Take a backup of /boot/grub/grub.conf
- Modify the vmalloc value from 256M to 512M or 768M for normal mode
Using VI editor
- Save the file using Esc+Shift+:
- Reboot the standby firewall
- Once standby firewall is up, verify the cluster status using
Cphaprob stat
- If cluster status is in active and standby
- Failover the traffic to rebooted device using below command
Clustexl_admin down
- Perform same procedure from 1 to 7.
- Failover the traffic back to original active device