Nokia IP390 Firewalls simply hang

[linkstate]

Good Morning to all you folks.


I have a strange situation happening.

I have two redundant nokia appliances running in Active / Standby mode.

From now and then they tend to just stop at all and none of them replies even to a console connection.

Has this ever happened to you guys ? The only thing I see that can cause this kind of effect (the two appliances simply hang) is the failover cable, because it's a common factor to both firewalls.

All the information found relevant after rebooting the devices was this
"

login: Aug 20 15:43:46 ctdfw01 [LOG_ERR] xfer_crash: A kernel crash exists but cannot be transferred. Remote dump server not configured or configured with TFTP protocol. Run savecore -r command manually.
CPHA : Getting into preconfigured mode...
vpn1 driver loadable interface called."

Could anyone shed some light into these events ?


Best Regards,

[msjouw]

Another common factor is the version of IPSO being 4.2?
Had similar issues, crashing firewalls no apparent reason, just install them clean with 4.1 and your problems are over.

[abusharif]

Hi,

1) Doublecheck that in Smartdefense settings Aggressive Aging is off
2) If this doesnt help look for SecureXL error messages in the logs.
3) Does hand occur on random hours of the day or specific time period for each crash?

[linkstate]

Quote:

Originally Posted by abusharif

Hi,

1) Doublecheck that in Smartdefense settings Aggressive Aging is off
2) If this doesnt help look for SecureXL error messages in the logs.
3) Does hand occur on random hours of the day or specific time period for each crash?

3) It happens almost every day around 3 AM...


Also, before it hangs up completely we get the following console output:

"Aug 21 02:59:15 [LOG_NOTICE] snmpd: Updating physical contents table."

[abusharif]

Quote:

Originally Posted by linkstate

3) It happens almost every day around 3 AM...


Also, before it hangs up completely we get the following console output:

"Aug 21 02:59:15 [LOG_NOTICE] snmpd: Updating physical contents table."

my memory serves me bad at the moment but I had similar issues. It was almost every day at arround 01:00. In my case it was Smartview monitor.
Try disabling Smartview monitor from the gateway object (checkbox), push policy and let it go for day or two and you will see if this helped.

Not sure how i solved it at last (since i activated monitor afterwards again) and didnt have any issues.

[th0i3]

Abu may be right as you may be hitting a bug with RTM.

run the following command. This will crash your firewall.

rtm monitor -k ip -v pkt dir=in acc=sum -v pkt dir=out acc=sum -v pkt acc=sum sort=bottom -i 10

If your firewall crashes, this means you hit the RTM bug. If not, focus elsewhere.