- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
In the Gaia Web GUI, 'Network Management --> Performance Optimization' tab, what criteria is used to determine what interfaces Multi Queue should be enabled on? For example, Here is a R80.20 6800 appliance set to the 'Optimize for Packet Rate and Throughput' option. It recommends eth1-01 and eth1-02 have multiqueue on (but ignores the other 10G interfaces that we have).
In my setup, eth1-01 and eth2-01 are in a bond for 'internal' and eth1-02 and eth2-02 are in a bond for 'external'. How does Gaia determine what interfaces it thinks this should be enabled on?
While I'm not privy to exactly how it is making that determination, it may be looking at overall frame count and picking the highest 2 interfaces, presence/percentage of RX-DRP counts, or both. Can you please provide the output of netstat -ni?
These 6800s are not in production yet - I am simply pre-building the configuration at this point. So, there is minimal load on them at this time.
But, here is the output:
[Expert@<removed>:0]# netstat -ni
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
Mgmt 1500 0 1583 0 0 0 2696 0 0 0 BMRU
bond0 1500 0 5274 0 0 0 2861 0 0 0 BMmRU
bond0.2303 1500 0 5197 0 0 0 2777 0 0 0 BMmRU
bond1 1500 0 7377 0 0 0 4024 0 0 0 BMmRU
bond1.2304 1500 0 7298 0 0 0 3944 0 0 0 BMmRU
bond2 1500 0 155352 0 0 0 145998 0 0 0 BMmRU
bond2.2305 1500 0 155272 0 0 0 145918 0 0 0 BMmRU
eth1 1500 0 154041 0 0 0 731 0 0 0 BMsRU
eth1-01 1500 0 2878 0 0 0 48 0 0 0 BMsRU
eth1-02 1500 0 3127 0 0 0 443 0 0 0 BMsRU
eth2 1500 0 1312 0 0 0 145267 0 0 0 BMsRU
eth2-01 1500 0 2396 0 0 0 2813 0 0 0 BMsRU
eth2-02 1500 0 4250 0 0 0 3581 0 0 0 BMsRU
lo 16436 0 3202 0 0 0 3202 0 0 0 LRU
Strangely, as well, when I check all 4 of the 10G interfaces, it forces eth1 and eth2 on as well (those are part of bond2 for state-sync).
The same thing happens if I configure it manually:
Hi @phlrnnr
You can configure a maximum of five interfaces with Multi-Queue. I can see 6 in your picture.
You must reboot the Security Gateway after all changes in the Multi-Queue configuration.
Tips:
|
Network card driver |
Speed |
Maximal number of RX queues |
|
igb |
1 Gb |
4 |
|
ixgbe |
10 Gb |
16 |
|
i40e |
40 Gb |
14 |
|
mlx5_core |
40 Gb |
10 |
More read here:
R80.x Performance Tuning Tip – Multi Queue
R80.x Architecture and Performance Tuning - Link Collection
Performance Tuning R80.10 Administratio Guide
Performance Tuning R80.20 Administration Guide
Performance Tuning R80.30 Administration Guide
Best Practices - Security Gateway Performance
@HeikoAnkenbrand That is part of the problem. I configured 4 interfaces, and Checkpoint turned on 6 interfaces (including 2 which I didn't configure). It won't let me turn them off either (via cpmq set).
I have just opened an SR with Checkpoint as well.
Hi @phlrnnr
I think also a TAC request is better in this case.
However, I'm still curious for a response from the Checkpoint Devs as to how Gaia determines what it thinks should be turned on...
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 22 | |
| 7 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 2 |
Tue 07 Jul 2026 @ 03:00 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (ANZ)Tue 07 Jul 2026 @ 05:00 AM (IDT)
Check Point Cloud Firewall – The Cloud Firewall with near 100% Zero-Day Prevention Build In (SEAK)Tue 07 Jul 2026 @ 07:30 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (IST)Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityTue 07 Jul 2026 @ 03:00 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (ANZ)Tue 07 Jul 2026 @ 05:00 AM (IDT)
Check Point Cloud Firewall – The Cloud Firewall with near 100% Zero-Day Prevention Build In (SEAK)Tue 07 Jul 2026 @ 07:30 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (IST)Thu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY