Check_Point_Gaia_Web_GUI_Main_Interface_R77.30.png?resize=320%2C312&ssl=1Check_Point_Gaia_Web_GUI_Main_Interface_R77.30.png?resize=320%2C312&ssl=1During regular firewall health check , I found one Check Point firewall cluster has a abnormal virtual memory usage from System Counters – System History view.  The cluster is 5600 Security Appliance.

It looks the memory usage is going up significantly recently. There is no recent changes on hardware, software and configuration except normal firewall changes. I am afraid of Check Point gateway will freeze after this counter reached certain high number based on some SKs such as sk66482, sk110362,

sk35496 lists a bunch of methods how to detect memory leak. In my this specific case, the fix was simple, just installed a latest Jumbo Hotfix 205 for R77.30.

Sympotoms: 
Here are some screenshots I took from Smartview Monitor

Check_Point_Smartview_Monitor_System_Memory_goin.png?resize=320%2C172&ssl=1Check_Point_Smartview_Monitor_System_Memory_goin.png?resize=320%2C172&ssl=1
System Memory Going High for last 30 days

 

Check_Point_Smartview_Monitor_System_Memory_goin.png?resize=320%2C174&ssl=1Check_Point_Smartview_Monitor_System_Memory_goin.png?resize=320%2C174&ssl=1
System Memory Going High for six months

Solution:
Suggestion I got from Check Point is to apply latest Jumbo Hotfix 205 rather than existing Jumbo Hotfix 159.

Check_Point_Gaia_Web_GUI_CPUSE.png?resize=320%2C199&ssl=1Check_Point_Gaia_Web_GUI_CPUSE.png?resize=320%2C199&ssl=1
Install Latest Jumbo Hotfix from CPUSE

You may get some issues while installing your new patches/hotfixes. Here is what I met.

Check_Point_Gaia_Web_GUI_CPUSE_install_failed.png?resize=320%2C195&ssl=1Check_Point_Gaia_Web_GUI_CPUSE_install_failed.png?resize=320%2C195&ssl=1
Patch/Hotfix Installation Failed

I have to unintall Jumbo Hotfix 159 first. Unfortunately, uninstall Jumbo Hotfix 159 also failed from CPUSE.

Check_Point_Gaia_Web_GUI_CPUSE_uninstall_failed.png?resize=320%2C154&ssl=1Check_Point_Gaia_Web_GUI_CPUSE_uninstall_failed.png?resize=320%2C154&ssl=1
Uninstall Hotfix Failed

I had another post regarding “How to uninstall a CheckPoint Hotfix after a failed installation“. But in this case, the cause is hotfix for sk112829 is installed after Jumbo Hotfix 159 applied. After I uninstalled Hotfix for SK112829, uninstall Jumbo Hotfix 159 was able to complete. Also Installation Jumbo Hotfix 205 was successful too.

Check_Point_Gaia_Web_GUI_CPUSE_uninstall_success.png?resize=320%2C164&ssl=1Check_Point_Gaia_Web_GUI_CPUSE_uninstall_success.png?resize=320%2C164&ssl=1
Uninstall Successed

Waited a couple of days , I checked the used virtual memory is normal now.

Check_Point_Smartview_Monitor_System_Memory_goin.png?resize=320%2C177&ssl=1Check_Point_Smartview_Monitor_System_Memory_goin.png?resize=320%2C177&ssl=1
Memory High Issue Fixed

Reference: