cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
TAEKBOM_Kim
Nickel

Can we use QoS function reliably?

Jump to solution

Hi guys,

I want to know 2 things before using QoS

1. Does the QoS function load the CPU, Memory?
2. Customer references using the QoS feature.

 

I am currently running below:

Appliance:Check Point 5800 Appliance
Security Management:Smart-1 405
Version (Firmware):R80.10

 

Cheers

🙂

0 Kudos
1 Solution

Accepted Solutions
Highlighted

Re: Can we use QoS function reliably?

Jump to solution

For a long time QoS was rarely used on Check Point gateways due to a longstanding incompatibility with CoreXL that prevented the two from being used together.  This limitation was lifted in version R77.10+.  However enabling the QoS blade on an R80.10 or earlier gateway would definitely cause a sharp rise in CPU usage on a busy firewall due to required special handling on the Firewall Worker cores in the QXL path (which also precluded full acceleration of QoS'ed traffic by SecureXL); as such if you were just looking to do bandwidth limits my recommendation on R80.10 gateway and earlier was always to employ APCL Limit actions instead.

However in R80.20+ SecureXL now has the capability to perform QoS itself (the new "QoS inbound" and "QoS outbound" processing paths) so the CPU hit when enabling the QoS blade should be substantially reduced in R80.20+.  I have not had a chance to see this new R80.20+ QoS capability in action at a customer site yet but it looks promising.

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
2 Replies

Re: Can we use QoS function reliably?

Jump to solution

>> 1. Does the QoS function load the CPU, Memory?

For every decision on a GW we will need computing resources, so - yes, also QoS has its price, and you have to decide if it is right 😉.

>> 2. Customer references using the QoS feature.

What do you expect here ? I can only tell you that QoS is widely used for VoIP and video conferencing prioritizing - this is done by making other traffic slower...

For more reading see sk30590: What is Check Point QoS?sk32176: Limitations of Check Point QoS and the R80.30 QoS Administration Guide !

0 Kudos
Highlighted

Re: Can we use QoS function reliably?

Jump to solution

For a long time QoS was rarely used on Check Point gateways due to a longstanding incompatibility with CoreXL that prevented the two from being used together.  This limitation was lifted in version R77.10+.  However enabling the QoS blade on an R80.10 or earlier gateway would definitely cause a sharp rise in CPU usage on a busy firewall due to required special handling on the Firewall Worker cores in the QXL path (which also precluded full acceleration of QoS'ed traffic by SecureXL); as such if you were just looking to do bandwidth limits my recommendation on R80.10 gateway and earlier was always to employ APCL Limit actions instead.

However in R80.20+ SecureXL now has the capability to perform QoS itself (the new "QoS inbound" and "QoS outbound" processing paths) so the CPU hit when enabling the QoS blade should be substantially reduced in R80.20+.  I have not had a chance to see this new R80.20+ QoS capability in action at a customer site yet but it looks promising.

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com