APM down due to automatic change in number of CoreXL Firewall instances

book

Article ID: 168275

calendar_today

Updated On:

Products

XOS

Issue/Introduction

If a 12-core or higher Check Point license is applied to the VAP (gateway) running A Check Point application such as R77, then the number of firewall instances for coreXL running on the VAP will automatically change to 9 on a 12-core APM-9600 once the module is reloaded after applying the license.

A mismatch in the number of CoreXL firewall instances running on the VAP can cause sync to go down, which can then result in application monitoring setting the application state to Down on the X-Series platform.


 

Cause

The automatic change for the number of CoreXL firewall instances creates a mismatch with the VAP configuration. This behavior is considered "functions as designed" for the Check Point application.
 

Resolution

As a best practice, after applying the new 12-core or higher license and then reloading the modules, please ensure all the cluster members have the same CoreXL settings.