2012-11-28, 05:58
Hello all,

I would like to have your points of view about monitoring memory on Check Point firewalls.

My problem is that there are several ways to fetch memory usage, but values are never the same...
For example, I take an IP390 running R71.30


HOST-RESOURCES-MIB::hrStorageDescr.1 = STRING: Real Memory
HOST-RESOURCES-MIB::hrStorageAllocationUnits.1 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageSize.1 = INTEGER: 255756
HOST-RESOURCES-MIB::hrStorageUsed.1 = INTEGER: 84039
HOST-RESOURCES-MIB::hrStorageAllocationFailures.1 = Counter32: 0

So memory used is 32.8%.

Through SSH :
"cpstat -f memory os" command :

Total Real Memory (Bytes): 1064894464
Active Real Memory (Bytes): 878485504

So memory used is 82.5%.

What a difference!!! (For information, on another firewall I have the opposite: cpstat gives me a low value and SNMP gives me a high value.)
Can I trust one of these two pieces of information?

As the Linux user I am, I think the "top" command should be better, so I tried it:
"dmesg | grep memory" command:

avail memory = 1036251136 (988M bytes)

"top" command:

Mem: 242M Active, 489M Inact, 26M Wired, 127M Cache, 7440K Buf, 53M Free

I'm not used to these fields. Does it mean "242M Active" is the memory really used?
Or do we have a calculation to make (like on Linux: active - cache - buffer)?

Maybe I'm trying to compare oranges with apples, what I want is just to know which method is the best to monitor memory usage on my firewall...

Thanks for your help.

Robby Cauwerts
2012-11-28, 08:39
sk32206, "How to determine how much Free Memory is available on Linux/SecurePlatform systems"

Explains in detail the calculation of free/available memory.


2012-11-29, 04:02
Hello Robby and thank you for your help.

Unfortunately, my IP390 is an IPSO, not a Linux or SPLAT device.

So the following commands do not work :

free -k -t
snmpwalk -c public -v2c localhost . (OID not found)
cat /proc/meminfo

The only one which works is "cpstat -f memory os".

For information, I did a cpstop/cpstart, this device has only two devices attached and something like 40 rules, bandwidth is about 100Kbits/sec.
So the IP shouldn't be busy, am I wrong ?

"top" command tells me :
Mem: 242M Active, 490M Inact, 26M Wired, 127M Cache, 7502K Buf, 53M Free
So 24% seems to be used (based on Active value only, maybe I'm wrong)
"echo show useful-stats | iclid" tells me :
Real Memory Used 36%
So 36% seems to be used
"cpstat -f memory os" tells me :
Total Real Memory (Bytes): 1064894464
Active Real Memory (Bytes): 879591424
So 82% seems to be used

So the device is not busy, 2 commands tell me that the device is not busy, but cpstat doesn't agree.
Am I supposed to trust the value returned by cpstat ???

2012-11-29, 04:26
Ok, so SK39380 (https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk39380&js_peid=P-114a7bc3b09-10006&partition=General&product=IPSO) gave me the answer.

The "show useful-stats" seems to be the command to trust on IPSO devices.

One question is still unanswered: why does SmartView Monitor give us the memory value returned by "cpstat -f memory os"???

I know this command works on both IPSO and SPLAT (unlike "show useful-stats", which only works on IPSO - clish command), but since the value is wrong on IPSO, SmartDomain Manager should use the appropriate command on the appropriate system (it shouldn't be that complicated to choose the command based on the firewall OS).
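
Added example, not part of any post in this thread and not Check Point code: a Python script that converts the three outputs quoted in the first post to bytes and percentages, so the different numerators and denominators behind each figure can be compared directly. The function names are hypothetical, the parsers assume the output formats exactly as quoted above, and dividing top's fields by cpstat's total is an assumption because top prints no total.

```python
import re

# Outputs copied from the first post (IP390, R71.30), embedded as sample input.
SNMP = """\
HOST-RESOURCES-MIB::hrStorageDescr.1 = STRING: Real Memory
HOST-RESOURCES-MIB::hrStorageAllocationUnits.1 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageSize.1 = INTEGER: 255756
HOST-RESOURCES-MIB::hrStorageUsed.1 = INTEGER: 84039
"""
CPSTAT = """\
Total Real Memory (Bytes): 1064894464
Active Real Memory (Bytes): 878485504
"""
TOP = "Mem: 242M Active, 489M Inact, 26M Wired, 127M Cache, 7440K Buf, 53M Free"
UNIT = {"K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}

def snmp_usage(text, index="1"):
    """(used_bytes, total_bytes) for one hrStorage row of snmpwalk output."""
    row = dict(re.findall(r"::(hrStorage\w+)\.%s = \w+: (\d+)" % re.escape(index), text))
    unit = int(row["hrStorageAllocationUnits"])  # counters are in units, not bytes
    return int(row["hrStorageUsed"]) * unit, int(row["hrStorageSize"]) * unit

def cpstat_usage(text):
    """(active_bytes, total_bytes) from 'cpstat -f memory os' output."""
    f = dict(re.findall(r"^(\w+) Real Memory \(Bytes\):\s*(\d+)", text, re.M))
    return int(f["Active"]), int(f["Total"])

def top_fields(line):
    """Bytes per field of the 'Mem:' line printed by top on this device."""
    return {name: int(n) * UNIT[u]
            for n, u, name in re.findall(r"(\d+)([KMG]) (\w+)", line)}

def pct(used, total):
    return round(100.0 * used / total, 2)

def report():
    """Map each source to (percent, denominator_bytes)."""
    s_used, s_total = snmp_usage(SNMP)
    c_used, c_total = cpstat_usage(CPSTAT)
    out = {"snmp hrStorageUsed/Size": (pct(s_used, s_total), s_total),
           "cpstat Active/Total": (pct(c_used, c_total), c_total)}
    # Assumption: top prints no total, so its fields are divided by cpstat's total.
    for name, value in top_fields(TOP).items():
        out["top " + name] = (pct(value, c_total), c_total)
    return out

if __name__ == "__main__":
    for source, (percent, total) in report().items():
        print(f"{source:26s} {percent:6.2f}% of {total} bytes")
```

On these inputs the SNMP row and cpstat also disagree on the total (1047576576 versus 1064894464 bytes), so the two percentages differ in denominator as well as in what each tool counts as used.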