Create a Post
Showing results for 
Search instead for 
Did you mean: 

CPU Utilization Question


I have a CP n00b question about the CPU utilization on an open server.

We are running R80.30 take 215 with 2 interfaces and 4vCPU's.

The server has 8GB of RAM and is a stand alone deployment.

I can only see one CPU being utilized a frequently and the other 03 not so much..

Is this normal?



We are licenses for 08 cores but have only 04 installed


[Expert@FP-CP-VM:0]# fw ctl get int fwlic_num_of_allowed_cores
fwlic_num_of_allowed_cores = 8

[Expert@FP-CP-VM:0]# fw ctl multik stat
ID | Active | CPU | Connections | Peak
0 | Yes | 3 | 53 | 718
1 | Yes | 2 | 76 | 291
2 | Yes | 1 | 86 | 527
3 | Yes | 0 | 60 | 267

[Expert@FP-CP-VM:0]# cpconfig
This program will let you re-configure
your Check Point products configuration.

Configuration Options:
(1) Licenses and contracts
(2) Administrator
(3) GUI Clients
(4) SNMP Extension
(5) PKCS#11 Token
(6) Random Pool
(7) Certificate Authority
(8) Certificate's Fingerprint
(9) Check Point CoreXL
(10) Automatic start of Check Point Products

(11) Exit

Enter your choice (1-11) :9


Configuring Check Point CoreXL...

CoreXL is currently enabled with 4 IPv4 firewall instances.

(1) Change the number of firewall instances
(2) Disable Check Point CoreXL

(3) Exit
Enter your choice (1-3) :


FP-CP-VM> fw ctl multik dynamic_dispatching get_mode
Current mode is On


Is this something to worry about or is this normal?

Do i need to tweak anything to optimize?

Should the number of FW instances be 03 or 04?






0 Kudos
5 Replies

Four firewall instances on a four core box doesn’t sound right, it should be either three or two.
That might explain why one core is getting used more than it should.

0 Kudos
Champion Champion

For a 4-core box the default number of worker instances is 3, with the remaining core allocated as a SND (Secure Network Dispatcher).  Normally this default split config will be sufficient for the typical traffic loads, but having 4 worker instances is making the single SND core pull double duty also as a Firewall Worker (worker instance) thus the higher CPU load.  If however you don't have a large number of features/blades enabled (command enabled_blades) and the percentage of accelerated traffic (Accelerated pkts/sec in output of fwaccel stats -s) is >75% you will probably want to only allocate 2 kernel instances for a 2/2 split.

Gateway Performance Optimization R81.20 Course
now available at
0 Kudos

So should i drop down for a 2/2 split?

#Enabled Blades

[Expert@FP-CP-VM:0]# enabled_blades
fw vpn urlf appi identityServer SSL_INSPECT vpn


#fwaccel stats

[Expert@FP-CP-VM:0]# fwaccel stats -s
Accelerated conns/Total conns : 0/230 (0%)
Accelerated pkts/Total pkts : 4794395/16661842 (28%)
F2Fed pkts/Total pkts : 7177409/16661842 (43%)
F2V pkts/Total pkts: 191670/16661842 (1%)
CPASXL pkts/Total pkts : 3680714/16661842 (22%)
PSLXL pkts/Total pkts : 1009324/16661842 (6%)
QOS inbound pkts/Total pkts : 0/16661842 (0%)
QOS outbound pkts/Total pkts : 0/16661842 (0%)
Corrected pkts/Total pkts : 0/16661842 (0%)



0 Kudos
Champion Champion

Given what you have provided, in my opinion no.  Allocate 3 instances to obtain the default 1/3 split for a 4-core box.

Gateway Performance Optimization R81.20 Course
now available at
0 Kudos

Thanks Timothy, have made that change and monitoring

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events