I think this is resolved for the moment. I had to run kill -9 7221 (in.asessiond's PID. That respawned a in.asessiond with a new PID. Then in.httpd spiked the CPU. I killed this as well and now everything seems to be running normal. My CPU is back to around 3-5%.
I'm still wondering if the x.x.1 code is specific for encryption though. Does anyone have an idea on this. I'm not currently doing any VPN on this firewall as that is done at the enterprise level so if I don't need the x.x.1 IPSO I will fallback to 3.8 Thanks all. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Mark Senior Sent: Tuesday, June 21, 2005 3:32 PM To: [email protected] Subject: Re: [FW-1] FW: [FW-1] URGENT - IP530 with high CPU utilization If it's blocking the default signal from kill (SIGTERM, I think), you'd need to kill it good & dead with a SIGKILL - probably: kill -KILL <pid> That's from the OpenBSD manual , you might want to check your local man pages. > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf > Of Quick, Richard A. > Sent: June 21, 2005 11:59 > To: [email protected] > Subject: Re: [FW-1] FW: [FW-1] URGENT - IP530 with high CPU > utilization > > I ran "kill 7221", 7221 was the in.asessiond PID, from the > cli and it gave no error. When I run ps -aux though the time > is the same as before the kill. I was expecting to see a > time of a few seconds or so. I also didn't see anything in > the asessiond.elg or system log about the process being > killed and respawn. Did I use the correct syntax? > > My main reason for 3.8.1 was the securexl enhancements. > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf > Of DIOTTE, SHANNON S > Sent: Tuesday, June 21, 2005 1:33 PM > To: [email protected] > Subject: Re: [FW-1] FW: [FW-1] URGENT - IP530 with high CPU > utilization > > ...and there were other reasons to use 3.8.1 with no encrypt card: > Support for RIP in VRRP Environment. > > -----Original Message----- > From: DIOTTE, SHANNON S > Sent: Tuesday, June 21, 2005 12:31 PM > To: 'Mailing list for discussion of Firewall-1' > Subject: RE: [FW-1] FW: [FW-1] URGENT - IP530 with high CPU > utilization > > > I have a few that run 3.8.1 B28 without the encrypt card and have no > issues like high CPU utilization. Have you killed the process yet? > > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] Behalf Of Quick, > Richard A. > Sent: Tuesday, June 21, 2005 10:58 AM > To: [email protected] > Subject: [FW-1] FW: [FW-1] URGENT - IP530 with high CPU utilization > > > Can any more of the Guru's confirm this? > > Richard, > > I may have your answer on the whole 3.8 vs. 3.8.1 (3.7 & 3.7.1, etc). > It is my understanding (and I could be wrong here) that > unless you have > the "Nokia Encrypt Card" you do not need the "x.x.1" IPSO. I > thought I > saw it posted here before that the ".1" IPSO line simply provided the > needed drivers for the Nokia Encrypt Card. It's been a while > since I've > purchased hardware accelerators (I think those where the LUNA cards), > but those were simply a separate driver download and package install. > So you might want to think about staying away from the ".1" IPSO line > unless you know for sure you need it. > > This link requires a Nokia login and is posted for the IP1200, but > that's only because when I searched for the difference it was > the first > to pop up. (I think if I take the time to look it would be similar to > the IP530 models) > > https://support.nokia.com/security_platforms/docs/supplement/I > P1200-Encr > yptCard-Supp_N451076001a.pdf > <https://support.nokia.com/security_platforms/docs/supplement/ > IP1200-Enc > ryptCard-Supp_N451076001a.pdf> > Page 6. > > Good luck! > > Kevin > > > > > "Quick, Richard A." <[EMAIL PROTECTED]> > Sent by: Mailing list for discussion of Firewall-1 > <[email protected]> > > 06/21/2005 10:02 AM > > Please respond to > Mailing list for discussion of Firewall-1 > <[email protected]> > > To > > [email protected] > > cc > > > > Subject > > Re: [FW-1] URGENT - IP530 with high CPU uilization > > > > > > > > > > > When you say session authentication, do you mean as in an action type? > I don't currently have any rules with session auth. > > Somehow I think this is related to the 3.8.1 033 code. > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf > Of DIOTTE, > SHANNON S > Sent: Tuesday, June 21, 2005 10:51 AM > To: [email protected] > Subject: Re: [FW-1] URGENT - IP530 with high CPU uilization > > It's the session auth daemon, kill it and it should respawn (if not, > stop and start the firewall if you need that process). If it's still > sucking all the CPU, edit the fwauthd.conf and comment out the process > (if you don't need it),then stop and start the firewall for > the changes > to take. > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] Behalf Of Quick, > Richard A. > Sent: Tuesday, June 21, 2005 8:56 AM > To: [email protected] > Subject: [FW-1] URGENT - IP530 with high CPU uilization > > > I have a Nokia IP530 running IPSO 3.8.1 033, NG AI R55 HFA_03, Around > 1300 yesterday the cpu went to 100% where it normally runs > around 3%-5%. > A show processes through the CLI is showing that in.asession > is running > at 97%-98%. The process has the longest time of any other > listed so I'm > guessing that it is started with the appliance. Does anyone know what > may be causing this? Has anyone else seen this in 3.8.1 033 or any > other version? > > Thanks, > > Rick > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
