Pushing Policy Failed because Checkpoint Firewall "Load on module failed - no memory" - NETSEC

Friday, September 5, 2014

Pushing Policy Failed because Checkpoint Firewall "Load on module failed - no memory"

One day, when pushing a firewall policy from the Checkpoint management server to UTM 272 cluster gateways, the push failed and I got the error message "Load on module failed - no memory" on one of the cluster members.

"Network Security Policy 'Montreal_DMZ' was prepared on Tue Sep 16 10:00:58 2014.

The following errors and warnings exist:

Installation failed. Reason: Load on Module failed - no memory. ( message from member fw_Montreal)"


I searched online and found a couple of SKs and posts regarding this error, but none of them matched my scenario. Eventually, with an open case, Checkpoint support sent me the commands below, which fixed my issue. This post records them for reference.

On both cluster members, run the following in expert mode:

  1. tellpm process:monitord
  2. ps aux | grep cpd
  3. kill -15 <PID_of_CPD> 
  4. tellpm process:monitord t
  5. cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"

Here is the output from my problem devices:
[Expert@CP-DMZ:0]# tellpm process:monitord
[Expert@CP-DMZ:0]#
Message from syslogd@ at Tue Sep 16 10:27:42 2014 ...
CP-M-DMZ monitord[4129]: monitord got killed
[Expert@CP-DMZ:0]#
[Expert@CP-DMZ:0]# ps aux | grep cpd
admin     4461  0.0  0.3 212412  3196 ?        Dsl  Aug06  42:47 cpd
admin     6905  0.0  0.0   1816   492 pts/2    S+   10:27   0:00 grep cpd

[Expert@CP-DMZ:0]# kill -15 4461

[Expert@CP-DMZ:0]#
[Expert@CP-DMZ:0]# tellpm process:monitord t

[Expert@CP-DMZ:0]#
[Expert@CP-DMZ:0]# cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"
cpwd_admin:
Process CPD started successfully (pid=7030)
[Expert@CP-DMZ:0]#


After that, I pushed the policy again, and this time both cluster members got the policy without any error.
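The five steps above can be wrapped in a small shell helper. This is an added example, not from the original post or from Check Point: the function names, the process-state warning and the bounded wait are assumptions, while the `tellpm`, `kill -15` and `cpwd_admin` invocations are the ones listed in the post.

```bash
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Two lines copied from the post's transcript, used to exercise the parser.
SAMPLE_PS='admin     4461  0.0  0.3 212412  3196 ?        Dsl  Aug06  42:47 cpd
admin     6905  0.0  0.0   1816   492 pts/2    S+   10:27   0:00 grep cpd'

# Read `ps aux` output on stdin and print "PID STAT" for each process whose
# command (field 11) is exactly cpd, so the "grep cpd" line is never matched.
find_cpd() {
    awk '$11 == "cpd" || $11 ~ /\/cpd$/ { print $2, $8 }'
}

# True when STAT starts with D (uninterruptible sleep). A process in that
# state only acts on SIGTERM once the kernel call it is blocked in returns.
is_uninterruptible() {
    case "$1" in
        D*) return 0 ;;
        *)  return 1 ;;
    esac
}

# Steps 1-5 from the post, for one cluster member, in expert mode.
restart_cpd() {
    tellpm process:monitord                      # step 1 (transcript: monitord got killed)
    ps aux | find_cpd | while read -r pid stat; do   # step 2
        if is_uninterruptible "$stat"; then
            echo "cpd $pid is in state $stat; SIGTERM may be delayed" >&2
        fi
        kill -15 "$pid"                          # step 3
        # Assumption, not in the post: wait up to 30 s for cpd to exit.
        i=0
        while kill -0 "$pid" 2>/dev/null && [ "$i" -lt 30 ]; do
            sleep 1
            i=$((i + 1))
        done
    done
    tellpm process:monitord t                    # step 4
    cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"   # step 5
}

# Demo on the transcript lines only; restart_cpd is not called here.
printf '%s\n' "$SAMPLE_PS" | find_cpd
```

In the transcript, cpd shows state `Dsl`, which is the case the warning covers.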
