Am I the only one with problems when it comes to installing the most “stable”/recent Checkpoint GAIA release (R75.47)?
Last month I got a 4800 series appliance cluster, downloaded the official GAIA R75.47 ISO from checkpoint.com and verified the md5 checksum (loads of times by now!).
After I installed the appliances without any problems I continued to configure everything and add the Cluster to our SmartDashboard.
But when I wanted to apply the licenses from the Usercenter via SmartUpdate I got an error telling me the Appliances were out of disk space. Imagine how pleased I was when I verified that the Appliances were actually at 100% disk usage for the /var partition.
As I used “du” to find the source of the disk usage I eventually found thousands of vpnd coredumps (vpnd.XXXX.core, where XXXX is the PID I guess) on the /var partition under /var/log/dump/usermode.
A tail on $FWDIR/vpnd.elg then showed me that the vpnd was constantly crashing and dumping its memory. At least twice a second!
And this was for the soon-to-be “main vpn firewall”…
After a Support case with Checkpoint I got a “patched” vpnd binary to exchange in my binary folder and the answer that this is not needed for every installation of R75.47 but rather was a special case for this setup.
After I exchanged the vpnd binary and put the cluster into production we had one major incident where all our VPN tunnels went down and stayed down until we rebooted the active cluster member. All tunnels came up as soon as the secondary cluster member became active. When the primary cluster member rebooted it became master again and all VPN tunnels continued to run. This was 2 weeks ago and everything has been running stable since then.
Different cluster, same luck
This week I was installing a second 4800 cluster with the same iso and got the exact same issue. Funny thing is that the policy I pushed to this cluster does not even have a single VPN tunnel configured.
So it seems to me that the most recent, most stable and suggested version for installation has a faulty vpnd binary packed inside the iso download.
I just verified that as of the day I am writing this (Oct 16, 2013) the same download is still on the Checkpoint homepage:
So my assumption is that this happens at least on all 4800 series appliances but more likely on all 2012 series appliances if not with any Gaia R75.47 installation.
And if this is the case, Checkpoint's QA seems to be screwed up!
Am I the only person with this issue in R75.47? Are there any R75.47 installations out there that did not run into this exact issue?
If so feel free to leave a comment and state the platform you installed it on.