Check Point Policy installation fails due too many files open

book

Article ID: 167907

calendar_today

Updated On:

Products

XOS

Issue/Introduction

Check Point Policy installation fails due too many files openWhen installing Check Point Policy on the gateway the following message could be displayed in the management GUI: Installation failed. Reason: Load on Module failed - failed to load Security Policy

The following messages appear in the $CPDIR/log/cpd.elg on the APM:
[17 Oct 10:01:31] Failed to Load Security Policy: Too many open files 
[17 Oct 10:01:31] Fetching Security Policy Failed

When running the lsof command on the APM a huge amount of files opened by the CPD daemon is observed:
...
cpd        1109    root   88r   REG        0,8      528   2011416 /var/opt/CPshrd-V40/conf/cp.license (/dev/root)
cpd        1109    root   89r   REG        0,8      528   2011416 /var/opt/CPshrd-V40/conf/cp.license (/dev/root)
cpd        1109    root   90r   REG        0,8      528   2011416 /var/opt/CPshrd-V40/conf/cp.license (/dev/root)
cpd        1109    root   91r   REG        0,8      528   2011416 /var/opt/CPshrd-V40/conf/cp.license (/dev/root)
cpd        1109    root   92r   REG        0,8      528   2011416 /var/opt/CPshrd-V40/conf/cp.license (/dev/root)
...

The same file could be opened as many as several hundreds times by the cpd process.

Cause

 This could be caused by an issue in the CPD daemon that causes leak of file descriptors.

Resolution

Please contact Check Point for more details about this issue.

Workaround

Restarting the cpd will free up the files opened and the policy will install.