Checkpoint high load

High load messages on Checkpoint Firewall platform

Analyzing Checkpoint firewall high load messages


X log entries were not sent to log server

Your device was under high load and the logging feature was disabled. If this message appears rarely and the number of discarded logs is low, the problem is not serious. Be aware, though, that you could lose important logs: AV, IPS or DLP.
If the message appears often, the device needs optimization. Clean up and reorder the rule set, or upgrade the hardware platform.


How to check whether the problem is serious:
1. Open SmartTracker. File -> Open.
2. Check when the log files are rolled.
3. Determine the time range for the analysis.
4. Open a file.
5. File -> Export. Choose File.
6. A new dialog shows the log count. Write it down. Click Cancel.
7. Repeat for all files.
8. Sum all discarded log counts from the log messages in the date range.
9. Calculate:

% log lost = log lost / (log lost + log stored) * 100

Repeat this operation for a few randomly chosen days.
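
The procedure above as a script. This is an added example, not part of the original page and not a Checkpoint tool. It assumes the log messages have been exported to text lines that start with a YYYY-MM-DD date, and that the stored-log counts are the numbers written down from the Export dialog; all names and sample values are constructed.

```python
import re
from datetime import date, datetime

# Message text as quoted on this page; the leading number is the discarded count.
LOST_RE = re.compile(r"\b(\d+) log entries were not sent to log server")

def lost_per_day(lines, start, end):
    """Sum discarded-log counts per day for messages dated start..end (inclusive)."""
    totals = {}
    for line in lines:
        m = LOST_RE.search(line)
        if not m:
            continue
        try:  # assumed layout: each exported line starts with YYYY-MM-DD
            day = datetime.strptime(line[:10], "%Y-%m-%d").date()
        except ValueError:
            continue  # skip lines without a parsable date
        if start <= day <= end:
            totals[day] = totals.get(day, 0) + int(m.group(1))
    return totals

def percent_lost(lost, stored):
    """% log lost = log lost / (log lost + log stored) * 100"""
    total = lost + stored
    return 0.0 if total == 0 else lost / total * 100

def loss_report(lines, stored_by_day, start, end):
    """Return ({day: percent lost}, overall percent lost) for the analysis range."""
    lost = lost_per_day(lines, start, end)
    days = {d: s for d, s in stored_by_day.items() if start <= d <= end}
    per_day = {d: percent_lost(lost.get(d, 0), s) for d, s in days.items()}
    overall = percent_lost(sum(lost.values()), sum(days.values()))
    return per_day, overall

# Constructed sample data, not taken from a real gateway.
SAMPLE_LINES = [
    "2024-03-04 09:12:41 fw1 120 log entries were not sent to log server",
    "2024-03-04 14:03:10 fw1 380 log entries were not sent to log server",
    "2024-03-05 10:00:00 fw1 accept tcp/443",
    "2024-03-06 11:47:02 fw1 1500 log entries were not sent to log server",
    "2024-03-09 08:00:00 fw1 999 log entries were not sent to log server",
]
# Stored-log counts written down from the Export dialog (constructed values).
SAMPLE_STORED = {date(2024, 3, 4): 49500, date(2024, 3, 5): 52000, date(2024, 3, 6): 48500}

if __name__ == "__main__":
    per_day, overall = loss_report(SAMPLE_LINES, SAMPLE_STORED, date(2024, 3, 4), date(2024, 3, 6))
    print({str(d): round(p, 2) for d, p in per_day.items()}, round(overall, 2))
```

A per-day breakdown shows whether the loss is spread evenly or concentrated in one busy day, which the range total alone hides.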

See also the Checkpoint support portal: here


CUL: cul_load_freeze

This is a problem. During CUL (cluster on load) the device is unstable. Immediate action is required.



Note:
1. There is also a cluster flapping mechanism enabled during policy install. It prevents multiple master device elections.
2. You should not install policy during working hours. During the install you could lose some sessions.