cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

How can I troubleshoot traffic hanging through VSX every 20 minutes ?

Hello,

I'm trying to troubleshoot a VSX issue.

The customer indicates that when he monitors traffic using a basic monitoring software between two lans through a VSX, the connection somehow hangs every 20 minutes.

network config is quite basic.

internal networks - internal VSX - core network - external VSX - internet.

I checked the performances so far and everything seems ok, except all interfaces IRQs use the same CPU. The coreXL license only allows the use of 4 CPUS, the open server has 16 cores.

I have 2 VSX instances for filtering, and the CPU doesn't seem to go too high.

I also thougth about upgrading the network drivers for 10 GBE interfaces (ixgbe) using intel drivers for linux, as checkpoint doesn't provide any driver for open servers. Did anyone already did this ? 

How can I troubleshoot further to check where the latency comes from ?

Best regards.

0 Kudos
2 Replies

Re: How can I troubleshoot traffic hanging through VSX every 20 minutes ?

Is there any issues with other traffic than this monitoring traffic?

As a first step I would  check so the traffic is going through the firewall properly:

fw monitor -T -e "accept host(x.x.x.x) and host(x.x.x.x);"

When the customer runs into the issue, check the timestamps of the traffic if there was high latency for packet to be forwarded out of the out interface. 

If you suspect that the packets are dropped, you can run a drop debug to see if they were dropped for some reason.

fw ctl zdebug + drop 

You can also use cpview to make sure the interfaces are not overloaded, and that there are no traffic spikes at the time of the issue. Check the CPU usage of the dispatcher core, so that it is not overloaded.

Also, of course make sure you check the traffic logs for this traffic so they look alright.

0 Kudos

Re: How can I troubleshoot traffic hanging through VSX every 20 minutes ?

Hello,

There is no traffic drop.

The core used for traffic dispatching is not overloaded.

I already checked some captures, but I couldn’t find any delay.

Best regards.

Nicolas FIGARO

Responsable Intégration Sécurité Sud

M : 06 19 13 76 72

Exaprobe

Buroparc 1 – Voie 1

44 rue de la Découverte – CS 37630

31676 LABEGE CEDEX

email : nfigaro@exaprobe.com<mailto:nfigaro@exaprobe.com>

web : www.exaprobe.com<http://www.exaprobe.com/> / www.econocom.com<http://www.econocom.com/>

<https://cybersecuritymonth.eu/>

De : Albin Hakansson

Envoyé : vendredi 6 octobre 2017 20:51

À : Nicolas FIGARO <nfigaro@exaprobe.com>

Objet : Re: - Re: How can I troubleshoot traffic hanging through VSX every 20 minutes ?

CheckMates <https://community.checkpoint.com/?et=watches.email.thread>

Re: How can I troubleshoot traffic hanging through VSX every 20 minutes ?

reply from Albin Hakansson<https://community.checkpoint.com/people/albinb68274a1-403b-4929-8ee1-1890d1cbc3fd?et=watches.email.thread> in General Product Topics - View the full discussion<https://community.checkpoint.com/message/9371-re-how-can-i-troubleshoot-traffic-hanging-through-vsx-every-20-minutes?commentID=9371&et=watches.email.thread#comment-9371>

0 Kudos