We just recently noticed that our SSG 5-Serial firewall is using a lot of memory while the other resources are low. Shouldn’t it just be the same as the CPU? Any explanation on why this is happening? By the way, firmware version was on 6.3.0r6.0.
Do you have any historical data on the memory?
On ScreenOS, unless you're doing Anti-Virus or routing-protocols, the memory utilization will remain static. It would be a point of concern if memory utilization continued to increase.
I've seen ScreenOS firewalls run OK, even with 90+% memory used, since all the processes pre-allocate the memory -- session table, etc.
I would check "get mem" and "get mem pool" and check if alloc memory does not continue to increase. If it does, then the firewall could potentially be facing a memory leak.
By the way, are you able to reboot the SSG5 and check memory used? If the same amount of memory is used even after a reboot, then there would be no memory leak...
Thanks for your quick response. When we perform a reboot it’s at 80+% and over time, it will turn red and will be at 100%. This will happen after a month or so since the memory gradually increases. Also, here’s the result after running these commands.
The "sys" portion of "get mem pool" seems high. There seems to be a number of bug fixes addressing sys pool memory leak.
One is SSH causing this to occur. Another is DI or Anti-spam...
I suggest upgrading to latest 6.3.x (I believe it is 6.3.0r14), and monitor the firewall.
Thanks Sam. We'll let you know what happens after the upgrade.
The memory usage seems to have been reduced after the update but it is still high. Here's the "get mem" and "get mem pool" result after the update. Is this normal? Please advise.
The only thing I can think of is UTM.
Are you running Anti-Virus or any other UTM features?
What does "get license" look like?
If you are not using any UTM features, but the license still exists, I recommend "exec license delete xxxx" and reboot the firewall.
Also, I assume you have the 256MB version... (get system | inc memory).
Otherwise, the sys mem pool looks about right now (after the reboot).
I suspect you'll no longer see the memory utilization keep rising...
I apologize for the late response. Yes, “get license” shows we have some UTM features enabled and yes it’s the 256MB version. I’ve been monitoring the memory resources since the firmware update and I’ve noticed that there is a slight rise and fall in the memory allocation (see attached) based on the “get mem” and “get mem pool” commands. Is it normal?
That's a very slight change in the memory use. If it's a slow memory leak, then it could take a while to notice. I suggest monitoring for a week and checking the delta.
Looks as if the license keys are no longer in use. I highly recommend removing them and rebooting the firewall. This will free up a lot of the memory. Even with an expired license key, it seems as if the firewall pre-allocates a chunk for the UTM process.
exec lic del di_db_key
exec lic del av_v2_key
Thanks Sam! I really appreciate your help. 🙂 We'll remove the license keys and we'll let you know what happens.
Wow! Deleting those keys indeed freed up a lot of memory. Thank you very much!!!
One more question though. Is this where we safely remove the unused policy (using the remove option)? We would just like to remove this policy as well.
Nice. Now your memory pool usage looks almost exactly like mine (I have an SSG5 with no UTM license).
Yes, that's where you would remove unwanted policies.
Great! Thanks for all your help Sam. 🙂