When you failed over to the other firewall, was it doing the same thing? I assume both are synced and configured the same. If the second one isn't experiencing the same problem when it is primary, I'd say it's some kind of HW issue.
Wally Hughes --- cisco4ng <[EMAIL PROTECTED]> wrote: > I have a problem that I am hoping users in this list > can help me with. > > I have a pair of Nokia IP740 running IPSO3.5FCS14 > and > Checkpoint NG Feature Pack 3 with HFA_325. The > Nokia > is running in Active/Standby mode and they are > managed > by Provider-1 NG Feature Pack 3 as well. As far as > the > hardware platform is concern, the Nokia IP740 has a > Pentium 3 1GHz processor with 1GB of RAM. I've > increased > the number of concurrent connections from a default > of > 25,000 to 100,000 connections from the CMA. > > I have a script on the firewall that notifies me > every > 5 minutes the CPU usage, the number of connections > (forward & backward connections), packets/secconds > across > each interfaces, fwd daemon status, etc... > > This morning the "Master" firewall has the CPU > spiked to > 100%. A "ps -auxw" revealed that the fwd daemon > takes about > 50% of the CPU; the SNMPD daemon takes about 20% and > the "fw > tab -t connections -s" takes about 30% of the CPU > usage. > The firewall came to a screeching halt. I don't > have that > many connections going through the firewall either > (< 1000 > connections). > > After disabling both the SNMP deamon and my script, > I noticed > that the fwd daemon takes up 95% of the CPU. At the > point, I > reboot the firewall; however, the CPU came back to > 100% > utilization after the firewall came back online. > > Has anyone experience something similar like this > before? > I have a TAC case opened with Nokia but they are > completely > useless as always. Checkpoint TAC is the same way. > Upgrading > to NG with AI is not an option for me. Nokia TAC > told me to > disable the script because it runs "fw tab". The > problem is that > if I disable the script and the firewall stops > working, I won't know. > > Is there anyway for me to find out why the fwd > daemon uses up so > much CPU? > > thanks guys. > > cisco4ng > > > --------------------------------- > Yahoo! Mail Mobile > Take Yahoo! Mail with you! Check email on your > mobile phone. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > __________________________________ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
