Clearing RAM Cache, Buffer & Swap Space on a Check Point Firewall | CQ

Does your firewall seem like it is always low on memory?  Does it get sluggish at times and seem unresponsive or less responsive?  It might be because your firewall is swapping memory to disk.  Since read and write operations to disk are much slower than to memory, performance suffers greatly.  If rebooting the firewall seems like the only fix, you might benefit from the information below.

Like other operating systems, Gaia, the operating system underlying a Check Point firewall, has an excellent memory management system. However, processes occasionally eat away at the memory, and thankfully there is a relatively straightforward way to clear it.

First, determine if there is a problem with the cache or swap space on your Check Point Firewall.

From the expert prompt (the bash prompt), type the following command.

“free -m”

If your firewall could benefit from clearing the caches, it should return something like this. 

[Expert@horrafw01:0]# free -m

             total       used       free     shared    buffers     cached

Mem:          7731       7291        440          0        231       1063

-/+ buffers/cache:       5997       1734

Swap:        20512       1495      19017

From this listing, you can see that the memory is pretty full, with only 440M free, and the firewall has started to consume Swap.   But there are 1063M in Cache, and this is our target to free memory.

A brief explanation of the cache is as follows.  This number represents three caches: the page, inode, and dentry caches.  Gaia keeps a page cache in otherwise unused portions of the main memory (RAM), resulting in quicker access to cached pages and overall performance improvements.  Similarly, the inode cache and dentry cache hold recently accessed files and directories on the server.  As time goes on, these caches can grow quite large, especially on a busy firewall.  The cache is more than one gig of the eight gigs of memory the firewall has in the example above.  The lack of available memory has caused this firewall to swap to disk.

Let’s run the following command and see if we can reclaim some memory.  The “3” in the following command clears the page cache, dentry cache, and inode caches.  

“echo 3 > /proc/sys/vm/drop_caches”

“free -m”

[Expert@horrafw01:0]# echo 3 > /proc/sys/vm/drop_caches

[Expert@horrafw01:0]# free -m

             total       used       free     shared    buffers     cached

Mem:          7731       6049       1682          0          0         89

-/+ buffers/cache:       5959       1772

Swap:        20512       1495      19017

We’ve now freed memory from the cache and have 1682M free, up from 440M.  Since this amount is greater than the amount swapped to disk, we should be able to free the swap space.

Let’s try freeing the swap memory now.  

The following command will just turn off the swap and turn it back on.

“swapoff -a && swapon -a”

[Expert@horrafw01:0]# swapoff -a && swapon -a

Rerunning the command “free -m” will confirm that we’re using 0 swap now. 

[Expert@horrafw01:0]# free -m

             total       used       free     shared    buffers     cached

Mem:          7731       6849        881          0          2         98

-/+ buffers/cache:       6748        982

Swap:        20512          0      20512

To summarize, on this firewall, we could clear swap space and free memory from caches using a series of commands, but these could be combined into one command. 

“echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a”

This simple one-line command could quickly be scheduled to run every night to keep your firewall memory clear.

First, create a shell script clearcache.sh in /home/admin (or another directory) and add the following lines.

#!/bin/bash

echo 3 > /proc/sys/vm/drop_caches 

swapoff -a 

swapon -a

Next, set execute permissions on the file with “chmod 755 /home/admin/clearcache.sh”.

Now, from the clish prompt, schedule this to run nightly at 2 am (or whatever your least busy time is).

> add cron job clearcache command /home/admin/clearcache.sh recurrence daily time 2:00

This should add a cron job called clearcache that runs every night at 2:00 am. 

Verify that it has been scheduled with the following commands.

> show cron job clearcache command

/home/admin/clearcache.sh

> show cron job clearcache recurrence

Every day at 2:00
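
The manual walkthrough only turned swap off after confirming that free memory exceeded the amount swapped to disk, but the scheduled clearcache.sh runs swapoff unconditionally. The following is an added example, not part of the original article or a Check Point tool, that builds that check into the script; the 128 MB margin, the function names and the `--apply` flag are assumptions of this example.

```bash
#!/bin/bash
# Added example: guarded variant of clearcache.sh (not from the original article).
# Cycles swap only when free RAM covers the swapped-out data plus a margin.

MARGIN_KB=${MARGIN_KB:-131072}   # assumed 128 MB headroom; tune per gateway

# meminfo_kb FIELD [FILE]: print FIELD's value in kB from a meminfo-format file
meminfo_kb() {
    awk -v f="$1:" '$1 == f { print $2; exit }' "${2:-/proc/meminfo}"
}

# swap_used_kb [FILE]: SwapTotal minus SwapFree, in kB
swap_used_kb() {
    echo $(( $(meminfo_kb SwapTotal "${1:-}") - $(meminfo_kb SwapFree "${1:-}") ))
}

# safe_to_cycle_swap [FILE]: succeed if MemFree >= swap in use + MARGIN_KB
safe_to_cycle_swap() {
    [ "$(meminfo_kb MemFree "${1:-}")" -ge $(( $(swap_used_kb "${1:-}") + MARGIN_KB )) ]
}

clear_cache_and_swap() {
    sync                                      # drop_caches frees only clean pages
    echo 3 > /proc/sys/vm/drop_caches
    [ "$(swap_used_kb)" -eq 0 ] && return 0   # nothing swapped out, nothing to do
    if safe_to_cycle_swap; then
        swapoff -a && swapon -a
    else
        # Leave swap alone rather than force pages into RAM that is not there
        logger -t clearcache "swapoff skipped: MemFree < swap used + ${MARGIN_KB} kB"
        return 1
    fi
}

# Act only when asked to (--apply is this example's own flag)
if [ "${1:-}" = "--apply" ]; then
    clear_cache_and_swap
fi
```

Run without arguments, the script changes nothing, so the functions can be checked against a saved copy of /proc/meminfo before it is scheduled with `--apply`.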

Obviously, this isn’t going to fix a firewall that has too little memory to be functional. However, if you have noticed that your firewall’s memory usage increases over weeks and months without rebooting, this might just be the fix that you’ve been looking for.
