Line protocol down on SPLAT box

[fizzkakz]

Hi all,


Twice in the past two days I have had the same SPLAT gateway go unreachable. The first time I had someone on site reboot the server which did not fix the problem. He then noticed that the interface LEDs were not lit up. After reseating the cables the interfaces came up and we had restored connectivity. Looking at the logs on the switch connected to one of these interfaces that would not come up all I can see if line protocol going down and then being restored when the cable was reseated. This firewall is going to be decommissioned shortly as I was hoping I could put it down to a once off.

This same firewall has gone down again this morning. This is obviously a reoccurring problem which I am going to need to investigate. Can anyone offer any suggestions on what may be causing this fault? Where within the SPLAT can I find the appropriate logs that may indicate what is causing this problem?

Any help would be appreciated. Thanks!

[fizzkakz]

This appears to be a different problem. The SPLAT box had randomly dropped the route that allows us to manage it. I have seen this happen before with other static routes. Is this is a known issue?

[Thorpuse]

How are you managing your routes? Are you using sysconfig or have you created a rc.local file to add routes? If it's the latter, that's where your problem is - bad idea to do this....

[fizzkakz]

I always using sysconfig.

Is it possible I have unknowingly manipulated routes via the Dashboard or are they completed unrelated?

[Thorpuse]

Sounds like a different issue. I'd suspect a hardware/driver issue. What SPLAT and NGX version is it?

[fizzkakz]

Running SPLAT NGX R60 Build 244.

I have also suspected a hardware issue. I have noticed that when you login via ssh it displays the login prompt in a normal amount of time but sometimes takes up to ten seconds to display the password prompt. There is also a lengthy delay after typing in route and the route table being displayed. Could this point to a hardware issue? If so how can I diagnose it?

[fizzkakz]

I am also getting lengthy delays when typing netstat and other diagnostic commands on this device.

[jaskaran224]

You need to ensure, if the hardware on which you are running SPLAT is compatible.. Probably you can check the hardware and NIC compatibilty of various vendors on below link.

Check Point Software: SecurePlatform

[melipla]

Even if they are compatible, make sure that there are no interface errors in splat and on the switch, make sure the switch and splat report the same speed & duplex.

You can lose routes associated with a specific interface if you do something like "ifdown eth1". However I've never seen an interface disappear while the system is running.

[moaahk]

I think your case is exactly the same as my SPlats UTM 1050 appliance, one of the interface will go down at uncertain time, it totally random. When the interface gose down, all the route associate with the interface will disappear too.

I have contacted with check point, and they provided me a solution to reinstall the image on the appliance. But, this problem still can not be fixed.
We have to do RMA at last.

I think this could be a network card driver or hardware problem, because it alway happen on the same interface and when it happen, the SPlat box will also hang and we need to shutdown the appliance. But when the appliance come up, the interface will even disappear from "ifconfig -a" command.

[fizzkakz]

The thing that makes me suspect it is not a software incompatibility issue is that fact that I run four gateways with the exact same hardware, part for part. Every gateway is running the same version of SPLAT. But this issue only occurs on one of the gateways.