cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Jesus_Cano
Copper

Activate license IPS

Hi,

We have a cluster Checkpoint R77.30. So we are thinking in enable IPS blade. So we would like to know if these FWS will support the load (CPU, RAM) with IPS blade enable. What parameters about machine we have to know in order to enable IPS without load CPU RAM penalties. Any commands? advice? et.

thanks 

3 Replies
ED
Silver

Re: Activate license IPS

Hi,

You don't mention if you have Appliance or Open servers running for your cluster. Check Point has a performance sizing utilty (not supported on Open servers and some appliances) which can assist you in decision of enabling IPS blade. 

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

From the description:

The cpsizeme is a lightweight shell script that produces a detailed performance report of Check Point Security Gateway. This script measures the ongoing resource utilization on Security Gateway during the given time period (refer to "Running cpsizeme" section). During this period, the script gathers information about CPU, memory consumption, throughput and few other important performance parameters.

This cpsizeme output and report can assist in improving the sizing accuracy in any one of the following scenarios:

  • Replacing the current Security Gateway appliance/server with a new one.
  • Future growth and planning ahead.
  • Enabling more security Software Blades on the current Security Gateway.
  • Troubleshoot performance issues on the Security Gateway

IPS can have from low to high performance impact on your gateways (depending on your tuning and number of enabled protections) so if your gateways are already saturated you wil not have much left for growth in resouce utilization. 

0 Kudos

Re: Activate license IPS

Please tell us which blades are currently enabled and how much the CPU is loaded on active member. You should also look into SecureXL stats...

0 Kudos

Re: Activate license IPS

Please provide output from the "Super Seven" commands (Super Seven Performance Assessment Commands (s7pac))  and I should be able to give you a rough projection of what enabling IPS will do to the gateway's performance.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com