This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nicolas_figaro
Participant
‎2017-10-06 05:57 AM

How can I troubleshoot traffic hanging through VSX every 20 minutes ?

Hello,

I'm trying to troubleshoot a VSX issue.

The customer indicates that when he monitors traffic using a basic monitoring software between two lans through a VSX, the connection somehow hangs every 20 minutes.

network config is quite basic.

internal networks - internal VSX - core network - external VSX - internet.

I checked the performances so far and everything seems ok, except all interfaces IRQs use the same CPU. The coreXL license only allows the use of 4 CPUS, the open server has 16 cores.

I have 2 VSX instances for filtering, and the CPU doesn't seem to go too high.

I also thougth about upgrading the network drivers for 10 GBE interfaces (ixgbe) using intel drivers for linux, as checkpoint doesn't provide any driver for open servers. Did anyone already did this ? 

How can I troubleshoot further to check where the latency comes from ?

Best regards.

0 Kudos
2 Replies
Albin_Hakansson
Participant
‎2017-10-06 11:49 AM

Is there any issues with other traffic than this monitoring traffic?

As a first step I would  check so the traffic is going through the firewall properly:

fw monitor -T -e "accept host(x.x.x.x) and host(x.x.x.x);"

When the customer runs into the issue, check the timestamps of the traffic if there was high latency for packet to be forwarded out of the out interface. 

If you suspect that the packets are dropped, you can run a drop debug to see if they were dropped for some reason.

fw ctl zdebug + drop 

You can also use cpview to make sure the interfaces are not overloaded, and that there are no traffic spikes at the time of the issue. Check the CPU usage of the dispatcher core, so that it is not overloaded.

Also, of course make sure you check the traffic logs for this traffic so they look alright.

0 Kudos
nicolas_figaro
Participant
‎2017-10-09 07:58 AM
In response to Albin_Hakansson

Hello,

There is no traffic drop.

The core used for traffic dispatching is not overloaded.

I already checked some captures, but I couldn’t find any delay.

Best regards.

Nicolas FIGARO

Responsable Intégration Sécurité Sud

M : 06 19 13 76 72

Exaprobe

Buroparc 1 – Voie 1

44 rue de la Découverte – CS 37630

31676 LABEGE CEDEX

email : nfigaro@exaprobe.com<mailto:nfigaro@exaprobe.com>

web : www.exaprobe.com<http://www.exaprobe.com/> / www.econocom.com<http://www.econocom.com/>

<https://cybersecuritymonth.eu/>

De : Albin Hakansson

Envoyé : vendredi 6 octobre 2017 20:51

À : Nicolas FIGARO <nfigaro@exaprobe.com>

Objet : Re: - Re: How can I troubleshoot traffic hanging through VSX every 20 minutes ?

CheckMates <https://community.checkpoint.com/?et=watches.email.thread>

Re: How can I troubleshoot traffic hanging through VSX every 20 minutes ?

reply from Albin Hakansson<https://community.checkpoint.com/people/albinb68274a1-403b-4929-8ee1-1890d1cbc3fd?et=watches.email.thread> in General Product Topics - View the full discussion<https://community.checkpoint.com/message/9371-re-how-can-i-troubleshoot-traffic-hanging-through-vsx-every-20-minutes?commentID=9371&et=watches.email.thread#comment-9371>

Preview file
34 KB
Preview file
7 KB
0 Kudos
Labels