Look at the following for any clues: $FWDIR/log/fwd.elg dmesg var/log/messages
Check for any log buffer full message. Also look at the cpd process. Do a cpstop and then look throgh ps -aux - grepping on 'fwd', 'cpd' in turn and see if there is any zombies? Kill them. What is 'fw ctl pstat' showing? Check to see if the hostname is mapped to the external IP? What is the status in 'df -k' - any partitions full, by chance? Something seems to be leaking? Has this firewall working ok for sometime and then developed these symptoms? or is it a new firewall? Rajeev On 5/10/05, cisco4ng <[EMAIL PROTECTED]> wrote: > > I have a problem that I am hoping users in this list > can help me with. > > I have a pair of Nokia IP740 running IPSO3.5FCS14 and > Checkpoint NG Feature Pack 3 with HFA_325. The Nokia > is running in Active/Standby mode and they are managed > by Provider-1 NG Feature Pack 3 as well. As far as the > hardware platform is concern, the Nokia IP740 has a > Pentium 3 1GHz processor with 1GB of RAM. I've increased > the number of concurrent connections from a default of > 25,000 to 100,000 connections from the CMA. > > I have a script on the firewall that notifies me every > 5 minutes the CPU usage, the number of connections > (forward & backward connections), packets/secconds across > each interfaces, fwd daemon status, etc... > > This morning the "Master" firewall has the CPU spiked to > 100%. A "ps -auxw" revealed that the fwd daemon takes about > 50% of the CPU; the SNMPD daemon takes about 20% and the "fw > tab -t connections -s" takes about 30% of the CPU usage. > The firewall came to a screeching halt. I don't have that > many connections going through the firewall either (< 1000 > connections). > > After disabling both the SNMP deamon and my script, I noticed > that the fwd daemon takes up 95% of the CPU. At the point, I > reboot the firewall; however, the CPU came back to 100% > utilization after the firewall came back online. > > Has anyone experience something similar like this before? > I have a TAC case opened with Nokia but they are completely > useless as always. Checkpoint TAC is the same way. Upgrading > to NG with AI is not an option for me. Nokia TAC told me to > disable the script because it runs "fw tab". The problem is that > if I disable the script and the firewall stops working, I won't know. > > Is there anyway for me to find out why the fwd daemon uses up so > much CPU? > > thanks guys. > > cisco4ng > > --------------------------------- > Yahoo! Mail Mobile > Take Yahoo! Mail with you! Check email on your mobile phone. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > -- Rajeev Gupta CISSP, CCMSE+VSX ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
