Hi,
We have some ‘freezes’/lock-outs with our DMZ firewall. This is a 12400 appliance for reference.
These instances happen at any time. There is no correlation at all with these events. Some have happened at 1am, and some have happened at 3pm.
The issue is that traffic does not pass through the firewall. tcpdump shows traffic hitting the inbound interface and not leaving the outbound interface.
fw ctl debug runs with various flags show no drops at all. The traffic disappears!
This is critically business-impacting, however, and the issue is only resolved with a cpstop and cpstart.
CPU utilisation during this time does not hit anything over 35%, and memory nothing over 30%.
Check Point are puzzled. We have done various CPSizeMe and cpinfo collections, and Check Point have verified the boxes are completely healthy and not overworked.
The box during this time is alive and well from a monitoring PoV. SmartDashboard sees it fine too.
The only other time this happens, and it's the exact same symptoms, is when we do a policy installation. However, the only difference is that this issue will self-rectify after 10 to 15 minutes (which is still not ideal, of course).
Traffic after a policy installation will disappear in the firewall and not leave the other side, with no logging or drop events.
Weirdly, also, some services in the same rule set will come back sooner than others after a policy install. For example, Web Servers A, B and C are all on rule 50. A and C will be accessible after roughly 10 minutes, but B will stay down for the next 15 minutes, which makes no sense at all.
So, in summary, we have 2 scenarios: 1) Random occurrences which cause a complete loss of service from the firewall, only rectified with a cpstop and cpstart. 2) After a policy installation, which has the exact same symptoms but will self-rectify.
Check Point are puzzled. Anyone else have any ideas?
This is business critical, and any suggestions would be greatly appreciated.
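The core observation in the post above is made by eye: packets seen on the inbound interface never appear on the outbound one. The following is an added example, not code from the original post or from Check Point, that makes that comparison mechanical: it parses `tcpdump -tttt -nn` text from two simultaneous captures (one per interface) and lists the flows that entered but never left, so the stuck flows can be identified per server rather than by guesswork. The capture lines are constructed for illustration, and the comparison assumes the flows are not NATed between the two interfaces (with NAT, key on the untranslated side instead).

```python
import re
from collections import defaultdict

# Matches the start of a line from `tcpdump -tttt -nn`:
# "2024-05-01 01:02:03.000100 IP 203.0.113.10.51000 > 10.10.5.21.443: Flags [S], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)

# Constructed sample captures (hypothetical addresses), not from the original post.
# Inbound interface: three client connections to three DMZ web servers.
INBOUND = """\
2024-05-01 01:02:03.000100 IP 203.0.113.10.51000 > 10.10.5.21.443: Flags [S], seq 1, win 64240, length 0
2024-05-01 01:02:03.000200 IP 203.0.113.10.51000 > 10.10.5.21.443: Flags [.], ack 1, win 502, length 0
2024-05-01 01:02:03.100000 IP 203.0.113.11.52000 > 10.10.5.22.443: Flags [S], seq 1, win 64240, length 0
2024-05-01 01:02:03.200000 IP 203.0.113.12.53000 > 10.10.5.23.443: Flags [S], seq 1, win 64240, length 0
"""
# Outbound interface: the flow towards 10.10.5.22 never appears (the "disappearing" traffic).
OUTBOUND = """\
2024-05-01 01:02:03.000150 IP 203.0.113.10.51000 > 10.10.5.21.443: Flags [S], seq 1, win 64240, length 0
2024-05-01 01:02:03.000250 IP 203.0.113.10.51000 > 10.10.5.21.443: Flags [.], ack 1, win 502, length 0
2024-05-01 01:02:03.200050 IP 203.0.113.12.53000 > 10.10.5.23.443: Flags [S], seq 1, win 64240, length 0
"""


def parse_capture(text):
    """Return {(src, sport, dst, dport): packet_count} for every parseable line."""
    flows = defaultdict(int)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # non-IP or truncated lines are ignored
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        flows[key] += 1
    return dict(flows)


def missing_flows(inbound, outbound):
    """Flows with fewer packets on the outbound capture than on the inbound one.

    Returns {flow_key: (packets_in, packets_out)}; a flow that entered but was
    never forwarded shows up with packets_out == 0.
    """
    result = {}
    for key, n_in in inbound.items():
        n_out = outbound.get(key, 0)
        if n_out < n_in:
            result[key] = (n_in, n_out)
    return result


def stuck_servers(inbound_text, outbound_text):
    """Destination addresses that received no forwarded packets at all."""
    missing = missing_flows(parse_capture(inbound_text), parse_capture(outbound_text))
    return sorted({dst for (_, _, dst, _), (_, n_out) in missing.items() if n_out == 0})


if __name__ == "__main__":
    for flow, (n_in, n_out) in missing_flows(parse_capture(INBOUND), parse_capture(OUTBOUND)).items():
        src, sport, dst, dport = flow
        print(f"{src}:{sport} -> {dst}:{dport}  in={n_in} out={n_out}")
    print("servers with no forwarded traffic:", stuck_servers(INBOUND, OUTBOUND))
```

Run the two captures in parallel on the real box (one `tcpdump -tttt -nn -i <inbound>` and one on the outbound interface, over the same window) and feed the output files to `parse_capture`; the list from `stuck_servers` is what distinguishes "server B still down after a policy install" from a general outage.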