Application monitor reports Check Point application down

book

Article ID: 167965

calendar_today

Updated On:

Products

XOS

Issue/Introduction

This article describes a situation in which application monitor occasionally reports that Check Point R75.40 application is down during policy installation.Application monitor can report the Check Point application as Down for a short period (typically 5 seconds), even though the application is not suffering from any apparent issues:

<-- policy installation -->
Nov 15 23:21:00 cpsg_1 kernel: [fw_0];FW-1: No license for Performance Pack (SecureXL). 
Nov 15 23:21:00 CBS cbshmonitord: [N] Violation (s=1, no alarm) occurred: module:7, item:1501 (H_ID_APP_RUNNING), component:Application, time:[1321395648]"Tue Nov 15 23:20:48 2011" 
Nov 15 23:21:00 CBS cbsalarmlogrd: AlarmID 2814 | Tue Nov 15 23:21:00 2011 | minor | ap5 | applicationDown | Application down 
Nov 15 23:21:00 CBS cbsalarmlogrd: AlarmID 2816 | Tue Nov 15 23:21:00 2011 | info | ap5 | moduleStateChange | Module state change (up) 
Nov 15 23:21:00 CBS cbsalarmlogrd: AlarmID 2818 | Tue Nov 15 23:21:00 2011 | info | ap5 | vapStateChange | VAP state change (up) 
Nov 15 23:21:05 CBS cbshmonitord: [N] Violation (s=1, no alarm) cleared: module:7, item:1501 (H_ID_APP_RUNNING), component:Application, time:[1321395665]"Tue Nov 15 23:21:05 2011" 
Nov 15 23:21:05 CBS cbsalarmlogrd: AlarmID 2819 | Tue Nov 15 23:21:05 2011 | clear | ap5 | applicationDown | Application down | CorrelationID 2814
Nov 15 23:21:05 CBS cbsalarmlogrd: AlarmID 2820 | Tue Nov 15 23:21:05 2011 | info | ap5 | moduleStateChange | Module state change (active) 
Nov 15 23:21:05 CBS cbsalarmlogrd: AlarmID 2822 | Tue Nov 15 23:21:05 2011 | info | ap5 | vapStateChange | VAP state change (active)  


Cause

Problem:

Application monitor can report the application as Down during the policy push. This alarm is almost immediately cleared.
However, if the application monitor reports the application as Down even for a single second, it can cause a VRRP failover to the secondary chassis.

Goal:
To eliminate this unexpected behavior.

Resolution

This issue is fixed in the updated CBI release of the Check Point application R75.40 MR1. The filename is CPSG-R75.40-15.mr1.cbi. Upgrading to this new or later CBI version will solve this issue.

Workaround

Workaround 1:

To work around this issue, disable application monitoring:

CBS# configure vap-group <VG-NAME> no application-monitor

Workaround 2:

It is possible to use an updated app_status binary from Check Point R75.40 MR1. This binary is compatible with other Check Point R75 releases. To implement this workaround follow the steps bellow:

1. disable the application monitor on the vap-group first: 
CBS# configure vap-group <VG-NAME> no application-monitor 
 
2. Make a backup copy of current file : 
CBS# unix su 
# cp /tftpboot/<VG-NAME>_common/crossbeam/apps/app_status /tftpboot/<VG-NAME>_common/crossbeam/apps/app_status.orig
 
3. Copy the new binary over the existing one. Then set the correct permissions: 
# chmod 555 /tftpboot/<VG-NAME>_common/crossbeam/apps/app_status 
 
4. Enable back the application monitor: 
CBS# configure vap-group <VG-NAME> application-monitor 
 
Note: use your actual VAP group name instead of <VG-NAME> in all given commands