It seems that the Gaia Deployment Agent, also known as CPUSE, is affected by a memory leak. When monitoring devices we saw memory usage increasing rapidly to almost unhealthy proportions. Most of the time the process was cleaned up and memory usage was restored to normal values. But today unfortunately a customer experienced problems with clients running Identity Awareness agents and some Site-to-site VPNs when DAService crashed and a coredump was created. Though it was part of a cluster no failover was initiated…
CPUSE Build 1272 is affected by this memory leak. Advice is to install the latest build: 1278. Contact Check Point Support for details as the SK was retracted from public access.
You can check the build number in CLISH by entering the command:
show installer status
Check Point says that the latest CPUSE build is usually gradually released to all customers. In this case it’s better not to wait but to replace it manually.
Download the latest CPUSE build here to manually replace the Deployment Agent. Make sure you do follow the instructions to kill all running CLISH and ConfD daemons and restart the CPUSE agent manually.