One year later…again millions of zero-byte files?

Almost a year ago I ran into the CPUSE timeout issue when Saving File Permissions. Last week I ran into a similar problem when creating a snapshot of the same VSX gateway. In a year's time this VSX gateway received some newer Jumbo Hotfixes and at this point Jumbo Hotfix Take 286 (GA) was installed. I’ve never received a hotfix from TAC when I had the CPUSE issue back then. We only had the workaround with manually deleting the temporary files in /opt/CPshrd-R77/CTX/CTX00001/tmp/. So might it be possible the snapshot and CPUSE issues are caused by the same problem?


R80.10: fw monitor – new inspection points (eE)

Earlier today a colleague found out that when he used fw monitor on R80.10 he saw two extra inspection points in the output. For years we’ve all seen iIoO but since R80.10 there is eE too! We’ve tried to find documentation about it but basically this is still undocumented.

[vs_0][fw_1] eth1:i[212]: -> (TCP) len=212 id=28330
TCP: 3421 -> 443
[vs_0][fw_1] eth1:I[212]: -> (TCP) len=212 id=28330
TCP: 3421 -> 443
[vs_0][fw_1] eth3:o[212]: -> (TCP) len=212 id=28330
TCP: 3421 -> 443
[vs_0][fw_1] eth3:O[212]: -> (TCP) len=212 id=28330
TCP: 3421 -> 443
[vs_0][fw_0] eth3:e[212]: -> (TCP) len=212 id=28330
TCP: 3421 -> 443
[vs_0][fw_0] eth3:E[212]: -> (TCP) len=212 id=28330
TCP: 3421 -> 443

We expected the e’s would have something to do with encryption.


R80.10: Automatic Proxy ARP with Manual NAT rules

When releases like R80.10 hit the spotlights there will always be new features that don’t get immediate attention.

Something that changes with R80.10 is the new ability to enable automatic creation of Proxy ARP for manual NAT rules. Sounds nice, right?

Previously, when you used manual NAT rules with pre-R80.10 Security Gateways, you needed to add proxy ARP either through CLISH or by adding it to local.arp as described in sk30197. That’s an article every engineer might have dealt with in the past.


Memory leak in CPUSE Build 1272

It seems that the Gaia Deployment Agent, also known as CPUSE, is affected by a memory leak. When monitoring devices we saw memory usage increasing rapidly to almost unhealthy proportions. Most of the time the process was cleaned up and memory usage was restored to normal values. But today unfortunately a customer experienced problems with clients running Identity Awareness agents and some Site-to-site VPNs when DAService crashed and a coredump was created. Though it was part of a cluster no failover was initiated…


The CPUG Papers

An exciting new initiative was introduced earlier this week: The CPUG Papers. As the authors stated themselves, it’s going to be a comprehensive resource, providing clearly written, referenceable documentation that falls between the wonderful discussion information on the CPUG forums and the detailed technical documentation provided by Check Point.


Crashing routed on 1100 Appliances (continued) [UPDATED]

More than a month ago I published this article about a crashing routed on two 1100 appliances when just entering the command ‘show route’ in CLISH.

It took a very long time to get an answer from R&D and apparently they could not reproduce the whole thing. They were able to crash routed but the failover could not be reproduced. After sending some more debug information and further investigation by R&D I was asked to enter two commands in CLISH.
