Checkpoint-Memoryleak-Issues-due to VMalloc

Issue: Unable to push policy to Checkpoint firewalls

Cause: memory leak issue

Symptom: 

Firewallname> kernel: allocation failed: out of vmalloc space – use vmalloc=<size> to increase size

<Firewallname> kernel: printk: 29 messages suppressed.

<Firewallname> kernel: allocation failed: out of vmalloc space – use vmalloc=<size> to increase size

<Firewallname> kernel: [fw_0];FW-1: h_getvals: fw_kmalloc (92962728) failed

<Firewallname> kernel: [fw_0];FW-1: h_getvals: fw_kmalloc (93068568) failed

Resolution:

  1. Login to standby firewall
  2. Take a backup of /boot/grub/grub.conf
  3. Modify the vmalloc value from 256M to 512M or 768M for normal mode

Using VI editor

  1. Save the file using Esc+Shift+:
  2. Reboot the standby firewall
  3. Once standby firewall is up, verify the cluster status using

Cphaprob stat

  1. If cluster status is in active and standby
  2. Failover the traffic to rebooted device using below command

Clustexl_admin down

  1. Perform same procedure from 1 to 7.
  2. Failover the traffic back to original active device

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s