Bigfoot1942
Explorer

CloudGuard 4GB file limit?

If we do a file download over HTTPS with a 4GB or more file size, the CloudGuard VM goes to 35% of CPU utilisation (with 4 cores) and speeds slow to next to nothing. This also affects other VMs that are serviced by that CloudGuard VM.

(We use CloudGuard IaaS R80.10 on NSX-V 6.4.6).

We have tried expanding the memory of the CloudGuard VMs to 16GB (by shutting them down and editing the VM in vSphere) but this does not make any difference. Does anyone have any idea how to fix this?

5 Replies
PhoneBoy
Admin

What precise blades are enabled on the gateway? (enabled_blades command)

Bigfoot1942
Explorer

Firewall, Application Control, URL Filtering, Identity Awareness, IPS are the enabled blades.

It does indeed look like it has to do with one of them, since firewalling doesn't care about file sizes.

PhoneBoy
Admin

The issue isn't exactly related to file sizes, since none of those blades actually care about file sizes, but likely related to the fact that a connection transferring a 4GB file effectively creates an elephant flow.
With a four-core VM, there are not many other cores to utilize when this happens.
Any other connection using that same core will appear to be slow.
Adding more cores to your VM should help.

Elephant flows in general are tricky to deal with.
We have added some technologies that help mitigate when this happens in R80.40 and above.
However, that requires having more cores... and using later releases.
Which, I understand, is not possible because you're using NSX-V currently.

Bigfoot1942
Explorer

Still, the behavior changes. A 3.5 GB download works fine. A 4.5 GB download works fine up to 4.1 and then the ETA keeps eternally increasing and download speeds keep dropping: 300mbit goes down to 30mbit at that very point and keeps slowing down to 3mbit or even less than that. Everything gets very sluggish, new connections have a very hard time, other VMs are impacted...

I can understand that an elephant flow would consume considerable resources, but this should be a normal, sustainable impact, not acting like new connections are not processed, like they are after hitting the 4 GB.

PhoneBoy
Admin

I recommend a TAC case.
