| Checkpoint – Policy installation failed. Error code: 0-2000040 |
This morning i have come across a Checkpoint problem: No way to perform a succesful policy installation in any of the several virtual system gateways I have in my environment.
As you can see the returning error is: Policy installation failed on the gateway. If the problem persists contact Check Point support [Error code: 0-2000040].
Fortunately i found a generic … Read more
|
| Checkpoint – VSX Virtual Memory full – Enable 64 bit |
I manage a 2 node VSX clusterXL environment that hosts 3 firewalls (virtual systems).
Some days ago I came across a problem in which one of them started (or maybe more time ago but not aware) to experience bad performance, outages, timeouts…
Trying to make a failover and move the VS to the other node fixed the problem until … Read more
|
| Checkpoint – Incrementing virtual system instances to solve cpu overload |
Due to some network infrastructure changes, the traffic passing through my internal FW (a Checkpoint VSX virtual system) started to suffer latency and packet loss.
No change had been made to the Checkpoint VSX, but for any reason, since that network changes, Checkpoint was not processing the traffic succesfully.
Performing a top on the VSX appliance containing the active “iNTERNAL … Read more
|
| Checkpoint – Nagios plugin to monitor ARP table in VSX |
When suffering random network interruptions, a possible cause (and diffcult to find) is our firewall ARP table overflow. In Checkpoint systems, the Linux kernel Gaia is based on would log messages like "kernel: neighbour table overflow" to /var/log/messages.
After living two small crisis due to this problem (network scanning software and mask B networks are dangerous for the … Read more
|
| Checkpoint – Nagios plugin to monitor VS active connections |
Having our Checkpoint VSX Virtual System active connections under control can be very important to avoid problems, configure a higher connection limit, be ready for growth (and so scalate our environment)…
Nagios and SNMP can be used to configure a VS connection monitor plugin:
Steps needed to configure the plugin:
