Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

What is the cause of the Firewall event log message "Cannot allocate xxx bytes of memory" ?

0

0
Article ID: KB9870 KB Last Updated: 25 Aug 2011Version: 5.0 Summary:

The event log message indicates the firewall is unable to allocate memory to download new pattern database. This issue is seen only after the device has been operational for some time, depending on the traffic pattern. It is also more likely to occur on devices that are also running Deep Inspection (DI).

Symptoms:

NS-5GT Firewall device with Trend Micro Antivirus and Deep Inspection License may get memory allocations errors as shown in the below "get event" command output example:

2007-04-27 20:03:17 system crit 00554 SCAN-MGR: Internal error occurred when calling this function: TmIntCPVSInit. Error: -3.
2007-04-27 20:03:17 system crit 00081 Cannot allocate 1501584 bytes of memory.
2007-04-27 20:02:53 system notif 00554 SCAN-MGR: New AV pattern file has been updated. Version: 433; size: 7220817 bytes

At 20:02:53, the AV pattern file was successfully downloaded to the firewall device.  
However, at 20:03:17, it was unable to update the AV engine of the firewall device with this new AV pattern file.

The root cause for this issue is memory fragmentation on the device that occurs over time as memory is allocated and de-allocated to accommodate different size of packets traversing the device. The memory is fragmented to the extent that the device cannot allocate a large enough memory block to download the new pattern database.

Solution:

Redownload the AV pattern file.  If the same error occurs, reset the firewall device and then redownload the AV pattern file again.


Explanation of fix:

Due to limited resources available on the firewall device, TrendMicro has optimized the database to reduce the pattern file size.

  • Before optimization the pattern files included: signatures for "in-the-wild" + prevalent generic signatures + specific customer cases for the last 2 years
  • The optimized database includes: "in-the-wild" + prevalent generic signatures.


The "in-the-wild" patterns includes virus which are seen in the real world; the omitted signatures were specific to some customer environment and not seen in the production systems.

The following are some of the expected behavior changes:

  1. The pattern file number on the Juniper Firewall would be different compared to the pattern file number on the TrendMicro’s website, this is due to the commission of the specific customer cases for Juniper Firewall.

  2. The Signature Update frequency would be done as and when "In-the-wild" virus are found. As a result, TrendMicro users should expect the signature file to change less frequently. Changes may not occur for weeks at a time.

  3. The solution continues to provide coverage against the most relevant virus attacks.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search