V210 Sol 10 kernel crash w/check point
- SF V210
- fresh install Solaris 10 (01/06)
- cluster 01/18/06
- only bge0 primary interface
- fresh install check point express (sol 10 vsn)
- reboot
- crash/dump/reboot/crash/dump/reboot...
- unable to boot single user
- Reinstalled (same)
- installed addt't Sun PCI interface 100mbs
- only hme0 primary interface
- fresh install check point express
- reboot
- life is good - no crash
REAL easy to duplicate - happens every install
looks like check point doesn't play nicely with bge driver
- have confirmed with check point support for solaris 10
- they have tested SOL10 (01/06) on ultra 5
unsure if Sun bug or Check Point bug?
Know CP is messing with network stack - but V210/V240
are PERFECT firewall boxes with 4 interfaces!!
Hope somebody finds important enough to find fix.
[925 byte] By [
htsguru] at [2007-11-25 22:49:48]
# 1
Can you make crash dump analysis by ISCDA, SUNWscat, finally by crash and adb utilities?It could help to locate the problem - which device or process is to blame.Of course, crash dump should be avalable.
# 2
CP and Sun are focusing on the iForce firewall appliance which is based on Linux. Did you check to see if there was any bge patches from CP?
# 3
PANIC [cpu0]/thread = 30000eed900: fw_dlnext: State Handler Error
(etc...)
Only happens with bge interface config'd. If hme - no issue. The above
panic shows fw_dlnext - which I believe to be 'firewall'.
Was hoping to provide crash dump, but unable...
- Tried to boot single user - but crash occurs in single user mode too.
- Tried to mount disk and view /var/crash/machine directory after
crash - but the dir is empty.
Check Point has just duplicated on V210, but no feedback yet. They
were unaware any bge issues.
Have also tried disabling network/pfil, which is enabled with no active
filters, by default. No diff.
# 4
I have encountered the same issue on the V240 platform. After running cpconfig and rebooting the box it hangs until the hardware watchdog resets the system:
FW-1: driver installed
F
SC Alert: SC Request to XIR Host due to Watchdog
XIR failed - performing
SC Alert: Host System has Reset
SPOR
XIR/Watchdog Reset
Executing Power On Self Test
I have opened a TT with Check Point on this issue.
Do you have an open TT number with Check Point that I can reference?
DonJS at 2007-7-5 17:05:16 >
# 5
Check Point SR 1-6202059859:Solaris 10 kernel dumps after install of Checkpoint Express for Solaris 10I'm sure it's something specific with the bge interface.Hope this helps.
# 6
I have opened Check Point SR 1-6233221841.I have many firewalls on this platform with Solaris 9, so I'm confident we'll get a fix.
DonJS at 2007-7-5 17:05:16 >
# 7
What is your OBP and ALOM version ?
# 8
I'm having the same problem with Sunfire V210 and Checkpoint R60 Enterprise...has anyone had a resolution from Checkpoint regarding this?
# 9
with and without the latest patch cluster has same results, also using latest 1/06 media..
# 10
Hi guy's
Had the same problem and installed solaris 10 03/05
and there i had no problems in installing checkpoint R60_HFA_02
So i guess there is a problem with the version 01/06
did not try the smpatch update yet
But will give it a try this week keep you posted.
Filip
# 11
So this morning i did an update off solaris 10 on our firewall.And yes it crashed on reboot so install solaris 10 03/05 without any patches i gues it is either the bge0 drivers or the nemo project wich is making checkpoint firewall crashing.filip
# 12
Check Point asked me to try a different network interface card in V210.
- They must be short engineers and hardware <img src="images/smiley_icons/icon_smile.gif" border=0 alt="Smile">
Installed an older Sun single interface PCI card I had retired (possibly X1033A).
Installed, rebooted fine. So - it appears the problem is specifically related to bge
interface.
Check Point has escalated to engineering 3/1/06 - but no feedback or updates yet.
This problem is getting VERY OLD, considering I have been working with
Check Point on this since January 10th.
Receiving X4444A Quad card today (backordered for a month!)
Think I will just ignore onboard bge until they get fixed.
# 13
Checkpoint have come back saying that Sun patch 118822-30 fixes the problem, I've yet to try this - but will let you know if it does the trick..
# 14
Installed 10_Recommended patch cluster 3/16/06 over weekend, which includes patch 118822-30.
Still crashes - same problem.
Check Point claims reverting to 118822-20 works. Can't confirm - I hate going 'backwards' with patches.
Current Sun Bug ID 6401218 is supposed to address this, but I haven't seen any fixes yet. Would think fix can't be far off if bug report exists from Check Point.
I have had success installing a PCI Quad Gigaswift (ce) card in machine until Sun has bug fix. No crash, since FW isn't pushing anything on the stack for bge driver.
# 15
i've just had the same result with 118822-30 (also as part of latest patch cluster).
even when installing HFA02 on the machine before rebooted i get the same result.
Checkpoint also came back saying that they where closing my case as Sun had admitted it was a problem with there patch - not Checkpoint. they also reffered me to that Bug ID, which I can't seem to find any info about.
I take your point about the Quad card route, what sort of cost are you looking at though?
at 2007-7-21 14:27:05 >
# 16
has anyone found the fix for this?
# 17
Despite the posting dates visible in this thread,
it is actually a very old forum thread (circa mid 2005).
It is a remainder from the old Hardware Forums and was one of the few
posts that were migrated across to this web site, on 30-Mar-06.
With a Spectrum login account to Sunsolve, you can read BugID 6401218 for yourself.
The document seems to have been lasted touched in March '06.
The title of that BugID is ...
"PPA problem: e_ddi_get_dev_info() failed with S10 kernel patch 118822-23
but OK with patch 118822-20"
That document title suggests that a kernel patch incorporates a fix.
The status of the Bug is "10-Fix Delivered" which would also seem to mean a patch resolves it.
If you are not experiencing a resolution via various patching,
I might suggest you open a support case with your local Sun Solution Center,
get your case passed forward to the Network Support Team,
and discuss it in depth with them.
