This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
stuart2020
Contributor
‎2024-05-30 07:20 AM

CheckPoint 15400 Gateway - R81.20

Hello, 

I've recently upgraded our CheckPoint 15400 ClusterXL Gateways to R81.20 Take 53. Since the upgrade we have 10-15 minutes of extreme slowness where everything grinds to a halt before performing normally again. This happens once maybe twice per day.

I've checked the cpview history and there doesn't seem to be a correlation with increased traffic, high CPU but from SolarWinds I can see that latency to Google increases to over 10,000ms. 

Has anyone else experienced performance issues in R81.20. Any tips for troubleshooting the issue please?

Many Thanks

 

10 Replies
Bob_Zimmerman
MVP Gold
MVP Gold
‎2024-05-30 08:30 AM

I have a lot of firewalls on R81.20 with various jumbos including 53. I haven't seen a problem like you describe.

If the issue isn't correlated to high processor usage on the firewall, maybe it's some traffic the firewall drops such as traffic from an internal DNS server out to DNS servers on the public Internet? When DNS misbehaves, so does basically everything else.

(1)
stuart2020
Contributor
‎2024-05-30 09:09 AM
In response to Bob_Zimmerman

Thanks for the suggestion. I've checked DNS and no drops have been detected. I know it could probably be a number of different issues but any more suggestions on possible causes? 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-05-30 09:12 AM
In response to stuart2020

Can you check output of fw tab -t connections -s?

Also, does cpview show u top services/connections?

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
stuart2020
Contributor
‎2024-05-30 09:23 AM
In response to the_rock

fw tab -t connections -s

HOST NAME ID #VALS #PEAK #SLINKS
localhost connections 8158 7239 19761 14263

I'm unable to view historical connections in cpview and top connections under the network tab need to be activated. I've uploaded screenshots of real time network and CPU top connections.

Preview file
85 KB
Preview file
25 KB
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-05-30 09:29 AM
In response to stuart2020

Make sure gateway object has connections set to auto setting as well. Please open TAC case, sounds like a pretty serious issue.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
stuart2020
Contributor
‎2024-05-30 09:42 AM
In response to the_rock

Where in the gateway object is the connection auto setting? 

Yes, I have raised it with TAC. Just waiting for someone to pick up the ticket. 

0 Kudos
stuart2020
Contributor
‎2024-05-30 09:45 AM
In response to stuart2020

Is it the setting in the screenshot that you're referring to? 

Preview file
6 KB
the_rock
MVP Diamond
MVP Diamond
‎2024-05-30 10:00 AM
In response to stuart2020

Thats it, you got the right option selected.

Best,
Andy
"Have a great day and if its not, change it"
stuart2020
Contributor
‎2024-05-31 05:51 AM
In response to the_rock

I've been reading through sk167903 to enable data collection for Network --> Protocols / Connections. The article mentions enabling this feature may cause a performance impact. 

Do you know how much of an impact this has? Is it likely to cause performance issues? 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-05-30 09:00 AM

I can totally see the point @Bob_Zimmerman is making. I had never seen this issue myself, so highly unlikely its code problem.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events