https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpdump-fw-monitor-and-fw-ctl-zdebug-commands-and-performance/m-p/196410#M36652 <P>Can you please explain why you need tcpdump and fw monitor for traffic analysis ? Usually cpview gives you the needed look into secureXL state, see the following:</P> <P><A href="https://support.checkpoint.com/results/sk/sk167553" target="_blank" rel="noopener"><SPAN>sk167553: <STRONG>Performance</STRONG> <STRONG>Investigation</STRONG> Procedure - How To</SPAN></A></P> <P><A href="https://support.checkpoint.com/results/sk/sk98348" target="_blank" rel="noopener"><SPAN>sk98348: Best Practices - Security Gateway <STRONG>Performance</STRONG></SPAN></A></P> Fri, 27 Oct 2023 13:42:12 GMT G_W_Albrecht 2023-10-27T13:42:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpdump-fw-monitor-and-fw-ctl-zdebug-commands-and-performance/m-p/196395#M36647 <P>Good day&nbsp;</P><P>We have highly loaded security gateways that currently need traffic analysis.</P><P>In this article <A href="https://community.checkpoint.com/t5/Security-Gateways/quot-fw-ctl-zdebug-quot-Helpful-Command-Combinations/td-p/40680" target="_blank" rel="noopener">https://community.checkpoint.com/t5/Security-Gateways/quot-fw-ctl-zdebug-quot-Helpful-Command-Combinations/td-p/40680</A> I came across information that the utility negatively affects on performance .</P><P>Please tell me how critically it can affect on performance, which of the systems (CPU, RAM, traffic) is loaded the most?</P><P>Is it possible to reduce resource consumption through parameters like specifying the interface that will be dump?</P><P>How much traffic can <EM>fw monitor</EM> and <EM>tcpdump</EM>&nbsp;also load?</P> Fri, 27 Oct 2023 12:48:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpdump-fw-monitor-and-fw-ctl-zdebug-commands-and-performance/m-p/196395#M36647 DmitriyDubovik 2023-10-27T12:48:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpdump-fw-monitor-and-fw-ctl-zdebug-commands-and-performance/m-p/196397#M36648 <P>Use <A href="https://support.checkpoint.com/results/sk/sk141412" target="_blank" rel="noopener">cppcap</A> instead of tcpdump.</P><P><A href="https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_Quantum_SecurityGateway_Guide/Topics-FWG/Kernel-Debug/Kernel-Debug-Procedure.htm?tocpath=Kernel%20Debug%7C_____3" target="_blank" rel="noopener">Kernel debug</A> will have an impact on your FW, especially if it's already loaded as you say. They have to be started and stopped properly.</P><P>It's best to consult first with TAC to review your situation.</P> Fri, 27 Oct 2023 13:01:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpdump-fw-monitor-and-fw-ctl-zdebug-commands-and-performance/m-p/196397#M36648 Alex- 2023-10-27T13:01:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpdump-fw-monitor-and-fw-ctl-zdebug-commands-and-performance/m-p/196398#M36649 <P>TAC give you an answer for multiple days, we can t wait so long. Problem is in thing, that documentation don t describe important things like how much impact of performance, in what situation we can it on, in what we cant and another things...</P> Fri, 27 Oct 2023 13:09:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpdump-fw-monitor-and-fw-ctl-zdebug-commands-and-performance/m-p/196398#M36649 DmitriyDubovik 2023-10-27T13:09:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpdump-fw-monitor-and-fw-ctl-zdebug-commands-and-performance/m-p/196399#M36650 <P>And the most interesting question is whether the load will change depending on the parameters that you set</P> Fri, 27 Oct 2023 13:11:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpdump-fw-monitor-and-fw-ctl-zdebug-commands-and-performance/m-p/196399#M36650 DmitriyDubovik 2023-10-27T13:11:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpdump-fw-monitor-and-fw-ctl-zdebug-commands-and-performance/m-p/196410#M36652 <P>Can you please explain why you need tcpdump and fw monitor for traffic analysis ? Usually cpview gives you the needed look into secureXL state, see the following:</P> <P><A href="https://support.checkpoint.com/results/sk/sk167553" target="_blank" rel="noopener"><SPAN>sk167553: <STRONG>Performance</STRONG> <STRONG>Investigation</STRONG> Procedure - How To</SPAN></A></P> <P><A href="https://support.checkpoint.com/results/sk/sk98348" target="_blank" rel="noopener"><SPAN>sk98348: Best Practices - Security Gateway <STRONG>Performance</STRONG></SPAN></A></P> Fri, 27 Oct 2023 13:42:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpdump-fw-monitor-and-fw-ctl-zdebug-commands-and-performance/m-p/196410#M36652 G_W_Albrecht 2023-10-27T13:42:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpdump-fw-monitor-and-fw-ctl-zdebug-commands-and-performance/m-p/196413#M36654 <P>unstable traffic in video conferences without any negative symptoms (packet drops in the smartlog, CPU overload, and etc) is a main problem</P> Fri, 27 Oct 2023 13:47:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/tcpdump-fw-monitor-and-fw-ctl-zdebug-commands-and-performance/m-p/196413#M36654 DmitriyDubovik 2023-10-27T13:47:59Z