Checkpoint   Checkpoint – Policy installation failed. Error code: 0-2000040



This morning i have come across a Checkpoint problem: No way to perform a succesful policy installation in any of the several virtual system gateways I have in my environment.

As you can see the returning error is: Policy installation failed on the gateway. If the problem persists contact Check Point support [Error code: 0-2000040].

Fortunately i found a generic … Read more

Checkpoint   Checkpoint – VSX Virtual Memory full – Enable 64 bit



Symptoms

I manage a 2 node VSX clusterXL environment that hosts 3 firewalls (virtual systems).
Some days ago I came across a problem in which one of them started  (or maybe more time ago but not aware) to experience bad performance, outages, timeouts…

Trying to make a failover and move the VS to the other node fixed the problem until … Read more

Checkpoint   Checkpoint – Incrementing virtual system instances to solve cpu overload



Due to some network infrastructure changes, the traffic passing through my internal FW (a Checkpoint VSX virtual system) started to suffer latency and packet loss.

No change had been made to the Checkpoint VSX, but for any reason, since that network changes, Checkpoint was not processing the traffic succesfully.

Performing a top on the VSX appliance containing the active “iNTERNAL … Read more

Checkpoint   Checkpoint – Nagios plugin to monitor ARP table in VSX



When suffering random network interruptions, a possible cause (and diffcult to find) is our firewall ARP table overflow. In Checkpoint systems, the Linux kernel Gaia is based on would log messages like "kernel: neighbour table overflow" to /var/log/messages.

After living two small crisis due to this problem (network scanning software and mask B networks are dangerous for the … Read more

Checkpoint   Checkpoint – Nagios plugin to monitor VS active connections



Having our Checkpoint VSX Virtual System active connections under control can be very important to avoid problems, configure a higher connection limit, be ready for growth (and so scalate our environment)…

Nagios and SNMP can be used to configure a VS connection monitor plugin:
Checkpoint - Nagios plugin to monitor VS active connections 1

Steps needed to configure the plugin:

  1. SNMP OID for virtual systems active connections
  2. Develop an script
Read more