Correct, Hyperthreading should be disabled on an SMS, regardless of whether it is open hardware or a Smart-1 appliance. This is further documented here:

sk104788: Detailed Explanation of SMT (HyperThreading) for Smart-1 3050 and Smart-1 3150

Enabling Hyperthreading on an SMS causes at least a 10% performance hit for reasons detailed in the SK.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

After looking a bit more closely at the contents of sk104788, I realized that the recommendation to disable Hyperthreading is most definitely valid for a R77.30 or earlier SMS due to the single-threaded nature of key processes such as fwm and fwd.

However the management backend for R80+ SMS was totally revamped, and at its core are six java-based processes which are most definitely capable of multithreaded operation based on my observations.  I would think that enabling Hyperthreading would actually help for a R80+ SMS at least at the process level, however some single-threaded bottlenecks may still exist at the storage controller driver level or elsewhere that I'm not taking into account. 

I have requested a clarification on this via the feedback mechanism in sk104788, hopefully this post will expedite an answer to this question.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Tim,

Thanks for the additional insights. Given that many processes are now multi-threaded, it may be worth turning HT back on and see how things run. Worst case, I can always turn it back off. I certainly understand why HT would throw off a Gateway by affecting the CoreXL / SecureXL processor core count. But since this is just SMS, none of that should come into play.

I'd be interested if you get additional clarification on sk104788. Thanks again!

Greetings,

As the writer of this SK article, there are those items such as single threaded storage controllers to take into consideration.  There are still also several functionalities that FWM handles, and FWM is still single threaded in R80.10.

However, there is also an EA currently in place that might help this conversation.  There is a new EA to evaluate an updated Gaia OS Kernel and additional features.  Once these have been evaluated I will request the team to update the SK.  However, the current recommendation is to sit tight and keep HT off for now.

Best,

Ben

Great Ben, thank you for the update!  Looking forward to the new Gaia kernel.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com

@BenMorris this is quite old thread, but maybe you could share an update if it is still a recommendation to have HT turned off on MDS?

I am interested in particular in Smart-1 5150 and 3150 running on R80.20.

In sk104788: Detailed Explanation of SMT (HyperThreading) for Smart-1 3050 and Smart-1 3150, Version is given as R77, R77.10, R77.20, R77.30. In the referenced sk93000 - SMT (HyperThreading) Feature Guide for R77, R77.10, R77.20, R77.30, R80.10, R80.20, R80.30, all explanations target gateways and Smart-1 5150 and 3150 (or any Smart-1) are not listed as supported appliances...

Exactly, that's why it would be good to have clarification.

Hi Maria,

Although the Gaia 3.10 kernel has an updated storage driver that shouldn't be the main bottleneck anymore, the most recent answer I got a few months ago about whether to enable SMT on a 3.10 SMS is "it depends".  Someone from R&D will need to weigh in here now that 3.10 has been the default kernel for SMS/MDS for awhile...

Maybe we should rather have it turned off to gain performance...

Would love to get clarification on this from R&D.

R80.40 is not mentioned in sk104788. I wonder if it is recommended to turn HT off in  HP DL380p gen8

Probably.  The process structure for an SMS mentioned in that SK didn't change radically from R80.30 to R80.40.  Not sure about R81 yet, but the fact that multiple policy installations can be run at the same time would seem to imply more SMS processes may be multithreaded in that release, and that the key single-threaded legacy process fwm is not used as much or has had some of its functions split off into other processes.