7 Replies Latest reply on Dec 12, 2013 10:28 AM by miig

    Memory saturated - MFE S1104

    miig

      Hello guys,

       

      We recently had deployed a McAfee firewall S1104, is the first firewall installed in my company, so we can be some unexperienced. 

       

      We have experienced some problems with the performance of the firewall and the entire network, because the firewall´s memory usage is always about 90% and sometimes the firewall became unresponsive because the CPU usage is around 80% in addition.  I have been monitoring the system resources usage for 2 weeks through the GUI and the same behavior is present.

       

      We have modified the AC Rules applying the Default App Defense with the same results.  I have installed a sniffer to listen all the traffic to the firewall interfase, and now is running to collect the information related.

       

       

      Any idea?

        • 1. Re: Memory saturated - MFE S1104

          Hello,

           

          How many clients are you protecting behind your S1104?

           

          You may be misinterpreting the memory usage, so you can look at this article:

          Explanation of Memory Usage Shown in the Output of top KB64409 kc.mcafee.com

           

          Can you send the following output:

           

          top -SH

           

          Regards,

           

          Matt

          • 2. Re: Memory saturated - MFE S1104
            miig

            Thank you Matt for your early response!!

             

            I am protecting 3 VLANs behind the firewall.   The VLAN for the internal users (around 50 clients),  the VLAN of the video and physical access control to the building, and the VLAN for wifi connections to the visitors.

             

            We are running on V8.3.

             

            Follows the output of the command requested.

             

            20131210_141641.jpg

            and some minutes later ...

            20131210_142602.jpg

            Any suggestion?

             

            Thanks in advance.

             

            MI

            • 3. Re: Memory saturated - MFE S1104

              We are thinking that your firewall might be spawning too many processes based on the "Approaching the limit on PV entries" error.

               

              Can you send us the output of 'pss'?

               

              There might be a problem with your sendmail configuration that is causing a loop. Have you modified sendmail at all recently? If sendmail has spawned way too many processes, you can limit sendmail to 50 processes by following the KB:

               

              kc.mcafee.com KB62997

               

              -Matt

              • 4. Re: Memory saturated - MFE S1104
                miig

                Thank you Matt.

                 

                I performed the changes to limit sendmail to 50 processes as mentioned.

                 

                Tomorrow morning I´ll send you the output of pss command.

                 

                I have an additional doubt.  We don´t have an internal mail server.  I mean, we are using a POP3 mail server hosted on the cloud.  Even that, is necessary to configure the sendmail or smtp proxy on the appliance?

                 

                Thanks in advance

                 

                MIA

                • 5. Re: Memory saturated - MFE S1104
                  miig

                  Hello Matt,

                   

                  Yesterday we were  monitoring the firewall behavior, and nothing changed after to update applied to the parameter on the sendmail config file.

                   

                  This morning these were all the errors messages on the appliance screen.

                  20131212_083947.jpg

                  follows the output of the pss command

                  20131212_085827.jpg

                  20131212_085341.jpg

                   

                  Please advice.

                   

                  MIA

                  • 6. Re: Memory saturated - MFE S1104

                    Hello,

                     

                    There are definetly too many sendmail processes spawned, but not enough I think to cause this problem.

                     

                    I am in training today and it is going to be hard to respond. I suggest opening a ticket with support and they can do a remote session and figure out what is happening and prevent it from occuring.

                     

                    -Matt

                    • 7. Re: Memory saturated - MFE S1104
                      miig

                      OK, I´ll do.