Application monitor reports Check Point application down
Article ID: 167965
Updated On:
Products
XOS
Issue/Introduction
This article describes a situation in which application monitor occasionally reports that Check Point R75.40 application is down during policy installation.Application monitor can report the Check Point application as Down for a short period (typically 5 seconds), even though the application is not suffering from any apparent issues:
<-- policy installation -->
Nov 15 23:21:00 cpsg_1 kernel: [fw_0];FW-1: No license for Performance Pack (SecureXL).
Nov 15 23:21:00 CBS cbshmonitord: [N] Violation (s=1, no alarm) occurred: module:7, item:1501 (H_ID_APP_RUNNING), component:Application, time:[1321395648]"Tue Nov 15 23:20:48 2011"
Nov 15 23:21:00 CBS cbsalarmlogrd: AlarmID 2814 | Tue Nov 15 23:21:00 2011 | minor | ap5 | applicationDown | Application down
Nov 15 23:21:00 CBS cbsalarmlogrd: AlarmID 2816 | Tue Nov 15 23:21:00 2011 | info | ap5 | moduleStateChange | Module state change (up)
Nov 15 23:21:00 CBS cbsalarmlogrd: AlarmID 2818 | Tue Nov 15 23:21:00 2011 | info | ap5 | vapStateChange | VAP state change (up)
Nov 15 23:21:05 CBS cbshmonitord: [N] Violation (s=1, no alarm) cleared: module:7, item:1501 (H_ID_APP_RUNNING), component:Application, time:[1321395665]"Tue Nov 15 23:21:05 2011"
Nov 15 23:21:05 CBS cbsalarmlogrd: AlarmID 2819 | Tue Nov 15 23:21:05 2011 | clear | ap5 | applicationDown | Application down | CorrelationID 2814
Nov 15 23:21:05 CBS cbsalarmlogrd: AlarmID 2820 | Tue Nov 15 23:21:05 2011 | info | ap5 | moduleStateChange | Module state change (active)
Nov 15 23:21:05 CBS cbsalarmlogrd: AlarmID 2822 | Tue Nov 15 23:21:05 2011 | info | ap5 | vapStateChange | VAP state change (active) Cause
Problem:
Application monitor can report the application as Down during the policy push. This alarm is almost immediately cleared.
However, if the application monitor reports the application as Down even for a single second, it can cause a VRRP failover to the secondary chassis.
Goal:
To eliminate this unexpected behavior.
Application monitor can report the application as Down during the policy push. This alarm is almost immediately cleared.
However, if the application monitor reports the application as Down even for a single second, it can cause a VRRP failover to the secondary chassis.
Goal:
To eliminate this unexpected behavior.
Resolution
This issue is fixed in the updated CBI release of the Check Point application R75.40 MR1. The filename is CPSG-R75.40-15.mr1.cbi. Upgrading to this new or later CBI version will solve this issue.
Workaround
Workaround 1:To work around this issue, disable application monitoring:
CBS# configure vap-group <VG-NAME> no application-monitor
Workaround 2:
It is possible to use an updated app_status binary from Check Point R75.40 MR1. This binary is compatible with other Check Point R75 releases. To implement this workaround follow the steps bellow:
1. disable the application monitor on the vap-group first:
CBS# configure vap-group <VG-NAME> no application-monitor
2. Make a backup copy of current file :
CBS# unix su
# cp /tftpboot/<VG-NAME>_common/crossbeam/apps/app_status /tftpboot/<VG-NAME>_common/crossbeam/apps/app_status.orig
3. Copy the new binary over the existing one. Then set the correct permissions:
# chmod 555 /tftpboot/<VG-NAME>_common/crossbeam/apps/app_status
4. Enable back the application monitor:
CBS# configure vap-group <VG-NAME> application-monitor
Note: use your actual VAP group name instead of <VG-NAME> in all given commands
Feedback
Powered by
