CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 7 of 7

Thread: SMS R77.30 install policy to IP390 (R65 and IPSO4.2) crashed

  1. #1
    Join Date
    2011-07-13
    Posts
    6
    Rep Power
    0

    Default SMS R77.30 install policy to IP390 (R65 and IPSO4.2) crashed

    Hi,

    A long time ago, we sold customer a Secureltform installed R65 and 3 IP390 which were clustered and installed IPSO4.2 and NGXR65. Everything were working good.

    This year customer purchased a new SMS using R77.30 and this sms management these 3 IP390. When they installed policy to these 3 IP390, IP390 usually crashed. When crashed, I can't open Voyager and there is no console response. The only way to recover is to power off and power up the IP390.

    Is R77.30 can install policy to R65 ?

    IP390 installed with 1GB DRAM. Is it possible DRAM too small to handle R77.30 installed file ?

    Any suggestion ?

    Many Thanks!
    Todd

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,229
    Rep Power
    13

    Default Re: SMS R77.30 install policy to IP390 (R65 and IPSO4.2) crashed

    Quote Originally Posted by todd9826 View Post
    Hi,

    A long time ago, we sold customer a Secureltform installed R65 and 3 IP390 which were clustered and installed IPSO4.2 and NGXR65. Everything were working good.

    This year customer purchased a new SMS using R77.30 and this sms management these 3 IP390. When they installed policy to these 3 IP390, IP390 usually crashed. When crashed, I can't open Voyager and there is no console response. The only way to recover is to power off and power up the IP390.

    Is R77.30 can install policy to R65 ?

    IP390 installed with 1GB DRAM. Is it possible DRAM too small to handle R77.30 installed file ?

    Any suggestion ?

    Many Thanks!
    Todd
    Make sure the Monitoring blade is disabled on the firewall objects representing the Nokias, I seem to recall stability problems with the rtm kernel driver on IPSO at one point. 1GB RAM will be tight, try disabling all blades except "Firewall" on the firewall object and see if your policy push succeeds.
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  3. #3
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,634
    Rep Power
    9

    Default Re: SMS R77.30 install policy to IP390 (R65 and IPSO4.2) crashed

    Quote Originally Posted by todd9826 View Post
    Hi,

    A long time ago, we sold customer a Secureltform installed R65 and 3 IP390 which were clustered and installed IPSO4.2 and NGXR65. Everything were working good.

    This year customer purchased a new SMS using R77.30 and this sms management these 3 IP390. When they installed policy to these 3 IP390, IP390 usually crashed. When crashed, I can't open Voyager and there is no console response. The only way to recover is to power off and power up the IP390.

    Is R77.30 can install policy to R65 ?

    IP390 installed with 1GB DRAM. Is it possible DRAM too small to handle R77.30 installed file ?

    Any suggestion ?

    Many Thanks!
    Todd
    I'm pretty sure the release notes or something says R77.30 requires 2gig of ram. Maybe its in R77 notes. I don't remember if IP390 has a real hard disk or not. If its flash your only hope is to maybe disable stuff that isn't used in $FWDIR/conf/fwauthd.conf or to put 2 gig of ram in it if it will take it.

  4. #4
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,634
    Rep Power
    9

    Default Re: SMS R77.30 install policy to IP390 (R65 and IPSO4.2) crashed

    oh sorry i misread. I was thinking R77.30 on IPSO. You clearly have R65 on ipso.

    Could be CPD and / or FWD need to be restarted. Might be easier to just reboot. However if the system is diskless then most likely it would need 2 gig of ram or to just be replaced depending on how big the policy is.

  5. #5
    Join Date
    2011-07-13
    Posts
    6
    Rep Power
    0

    Default Re: SMS R77.30 install policy to IP390 (R65 and IPSO4.2) crashed

    Quote Originally Posted by ShadowPeak.com View Post
    Make sure the Monitoring blade is disabled on the firewall objects representing the Nokias, I seem to recall stability problems with the rtm kernel driver on IPSO at one point. 1GB RAM will be tight, try disabling all blades except "Firewall" on the firewall object and see if your policy push succeeds.
    Hi,

    Thanks for the information. I had confirm the monitor blade is disabled and only Firewall blade is enabled.

    May I ask if we upgrade RAM to 2 GB, is there any action we should take care ? Like RAM size is different and hash value is wrong and cluster can't join. etc.. Thanks !

    Todd

  6. #6
    Join Date
    2011-07-13
    Posts
    6
    Rep Power
    0

    Default Re: SMS R77.30 install policy to IP390 (R65 and IPSO4.2) crashed

    Quote Originally Posted by jflemingeds View Post
    oh sorry i misread. I was thinking R77.30 on IPSO. You clearly have R65 on ipso.

    Could be CPD and / or FWD need to be restarted. Might be easier to just reboot. However if the system is diskless then most likely it would need 2 gig of ram or to just be replaced depending on how big the policy is.
    Hi,

    Thank you for suggestion.

    Yes, IP390 is R65 on ipso4.2.

    When crashed, we can't connect to voyager and console was no response. So we can't restart CPD or FWD. These IP390s are disk based. Directly Power off is very harmful to device. We want to find any Checkpoint information that can prove that push policy come from sms with version R77.30 then IP390 should install at least 2GB RAM.

    Todd

  7. #7
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,229
    Rep Power
    13

    Default Re: SMS R77.30 install policy to IP390 (R65 and IPSO4.2) crashed

    Quote Originally Posted by todd9826 View Post
    Hi,

    Thanks for the information. I had confirm the monitor blade is disabled and only Firewall blade is enabled.

    May I ask if we upgrade RAM to 2 GB, is there any action we should take care ? Like RAM size is different and hash value is wrong and cluster can't join. etc.. Thanks !

    Todd
    Sounds to me like you need to upgrade to 2GB of RAM for sure then, if R65 doesn't work with 1GB of RAM I'm pretty sure R77.30 won't either.

    No special steps you need to take after adding the extra RAM. The symptom you're reporting of not being able to manage the device via SSH/Web after installing sure sounds like a memory shortage to me.
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

Similar Threads

  1. Nokia IP390 IPSO fresh Install
    By avilT in forum Installing And Upgrading
    Replies: 5
    Last Post: 2012-03-01, 11:34
  2. IP390 IPSO Install Issue
    By v33dubya in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 14
    Last Post: 2010-07-13, 03:08
  3. cpinst error: initial config after install on nokia IPSO4.2
    By david.bunn@mcms.com.au in forum Installing And Upgrading
    Replies: 4
    Last Post: 2008-01-28, 18:15
  4. IP390 IPSO4.2 with NGX R62
    By yclee1981 in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 4
    Last Post: 2007-10-25, 07:50
  5. Nokia IP390 NGX R61 install
    By paprichaat in forum Installing And Upgrading
    Replies: 3
    Last Post: 2006-11-09, 10:00

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •