Hi Lars,

That's the exact issue I am seeing. When SIC is broken, cpd on the firewall is running at 99% cpu. I did not have this issue with Enforcement module on 2.4 kernel. Is there a Checkpoint sk for this?

Thanks.

Lars Troen <[EMAIL PROTECTED]> wrote:

Is your cpd using lotsa cpu? It seems that if you use SmartCenter SPLAT 2.4 kernel to manage a SPLAT 2.6 gateway you might run into an issue where cpd on the SPLAT 2.6 runs at 99% cpu utilization, thus breaking SIC between the SmartCenter and the gw.

Lars

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of cisco4ng
Sent: Friday, May 16, 2008 2:05 PM
To: [email protected]
Subject: [FW-1] Checkpoint SIC trouble. Urgent help please!!!!

Have a situation: a pair of IBM 3650 dual quad-core processors 3.16 GHz with 4GB RAM running in ClusterXL Active/Active Unicast mode. The Checkpoint software is NGx R65 2.6 kernel.

This firewall pair is being managed by Provider-1 NGx R65 2.4 kernel with HFA_02 running on a Dell 2850 dual processors 3.06 GHz with 8GB RAM.

Logs on the firewalls are being sent to a Provider-1 MLM and a standalone CLM. Provider-1 is NGx R65 with HFA_02 on 2.4 kernel. The stand-alone CLM is NGx R65 2.6 kernel on a Dell 2950-III box.

Everything is running checkpoint 30 days eval license.

I have about 300 rules in the security policy. I pushed policy to the pair of firewalls. Everything is working fine and I get no errors when pushing policy to the firewall.

I have a couple of QoS rules in the QoS policy. I see NO errors when pushing policy to the firewalls.

At this point I start pushing about 900Mbps between the Iperf client/server through the firewall. Here are two issues I have:

1- In SmartView Monitor, it tells me that I have NO QoS policy installed on gw1 and gw2,
2- After every two hours, I lose SIC either to the gw1 or gw2 firewall. I verified this by performing "test SIC" in the cluster members. When I pushed policy to the firewall, it tells me that policy push failed either to gw1 or gw2 member. The only way for me to fix is to re-SIC and reboot the firewall and re-establish SIC with the Provider-1 CMA.

Is this a bug in Checkpoint or something?
My setup is a very simple one. Comment anyone? Thanks.

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
Scanned by Check Point Total Security Gateway.
=================================================
