Jerry
Mentor
Mentor

SecureXL PXL ...

quick one chaps:

Accelerated conns/Total conns : 1287/12967 (9%)
Accelerated pkts/Total pkts   : 14781656997/19848761750 (74%)
F2Fed pkts/Total pkts   : 372423984/19848761750 (1%)
PXL pkts/Total pkts   : 4694680769/19848761750 (23%)
QXL pkts/Total pkts   : 0/19848761750 (0%)

what do you think personally went wrong with my SG so that I've got PXL 23%?

any hints/tips/advice highly appreciated 🙂

Jerry
0 Kudos
13 Replies
Daniel_Taney
Advisor

What blades are enabled on this GW?

R80 CCSA / CCSE
0 Kudos
Jerry
Mentor
Mentor

just FW and VPN not a single other one 🙂 it is a ClusterXL A/S mode R80.10 recent take.
Jerry
0 Kudos
Daniel_Taney
Advisor

What are the main types of traffic going through this FW? For example, could there be a high amount of VoIP or NAT'd traffic passing through?

What model Appliance is the GW running on? If you look at netstat -ni do you see a large amount of RX-DRP on any Interfaces?

 

R80 CCSA / CCSE
0 Kudos
Jerry
Mentor
Mentor

Daniel,

 

1. data rather than voice, no SIP really pass-through though

2. appliance 5600 in A/S HA

3. see below, although I don't believe that traffic-wise there is something wrong; I'm rather thinking about the fwaccel itself, that some rules malform secureXL processing with fwk_x

 

Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
Mgmt       1500   0 11494072815      0      0      0 24103977662      0      0      0 BMRU
Sync       1500   0 138483134      0      0      0 375625940      0      0      0 BMRU
eth1-01    1500   0 61789690671      0      0      0 48260619502      0      0      0 BMRU
eth1-01.x  1500   0 3708121712      0      0      0 172286544      0      0      0 BMRU
eth1-01.x  1500   0 12412525      0      0      0  7472255      0      0      0 BMRU
eth1-01.x  1500   0 282997295      0      0      0 24901857      0      0      0 BMRU
eth1-01.x  1500   0 40214932      0      0      0  3581429      0      0      0 BMRU
eth1-01.x  1500   0 27668543605      0      0      0 76275452      0      0      0 BMRU
eth1-01.x  1500   0 326260080      0      0      0 378986686      0      0      0 BMRU
eth1-01.x  1500   0 210683847      0      0      0  4968650      0      0      0 BMRU
eth1-01.x  1500   0 17659464745      0      0      0 54373736      0      0      0 BMRU
eth1-01.x  1500   0  1824139      0      0      0   654386      0      0      0 BMRU
eth1-01.x  1500   0 228405787      0      0      0 34088098      0      0      0 BMRU
eth1-01.x  1500   0 124398097      0      0      0 32073865      0      0      0 BMRU
eth1-01.x  1500   0 794263868      0      0      0  3945996      0      0      0 BMRU
eth1-01.x  1500   0 4759642177      0      0      0 236294641      0      0      0 BMRU
eth3       1500   0 2888482568      0      0      0 2453482378      0      0      0 BMRU
eth4       1500   0 84601735      0      0      0 27402403      0      0      0 BMRU
eth8       1500   0 1268296181      0      0      0 2475779489      0      0      0 BMRU
lo        16436   0  5167245      0      0      0  5167245      0      0      0 LRU

Jerry
0 Kudos
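The RX-DRP check asked about above can be scripted. This is an added example, not code from any poster in the thread: it reads `netstat -ni` output and reports receive-side error, drop and overrun counters as a share of RX-OK. The function name `rx_problem_report`, the 0.1% threshold and the sample table are assumptions made for the example.

```shell
#!/bin/bash
# Added example (not from the thread). Threshold and sample data are assumptions.

# rx_problem_report THRESHOLD_PCT
# Reads `netstat -ni` output on stdin and prints "iface counter count pct" for
# each RX-ERR / RX-DRP / RX-OVR counter at or above THRESHOLD_PCT of RX-OK.
rx_problem_report() {
  awk -v thr="$1" '
    $1 == "Iface" {                       # header row: map column names to positions
      for (i = 1; i <= NF; i++) col[$i] = i
      next
    }
    !("RX-OK" in col) || NF < col["Flg"] { next }   # skip banner and short lines
    {
      ok = $(col["RX-OK"]) + 0
      if (ok == 0) next                   # nothing received: ratio undefined
      n = split("RX-ERR RX-DRP RX-OVR", names, " ")
      for (k = 1; k <= n; k++) {
        cnt = $(col[names[k]]) + 0
        pct = 100 * cnt / ok
        if (cnt > 0 && pct >= thr)
          printf "%s %s %.0f %.3f\n", $1, names[k], cnt, pct
      }
    }'
}

# Constructed sample in the same layout as the table posted in this thread.
SAMPLE_NETSTAT='Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth1       1500   0  2000000      0   4000      0  1500000      0      0      0 BMRU
eth2       1500   0  5000000      0      5      0  4000000      0      0      0 BMRU
lo        16436   0     1000      0      0      0     1000      0      0      0 LRU'

# Only eth1 crosses the 0.1% threshold in the sample.
printf '%s\n' "$SAMPLE_NETSTAT" | rx_problem_report 0.1
```

On a gateway the same function can be fed live data with `netstat -ni | rx_problem_report 0.1`; a table with all-zero RX counters, like the one posted above, produces no output.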
Jerry
Mentor
Mentor

btw. no SIM affinity in use 🙂 no point, it's not VSX.
Jerry
0 Kudos
Jerry
Mentor
Mentor

hm, also one more thing to add to the bucket:

drop-reasons I've got 97% as "monitored spoofed" 😞 very weak design though network wise ... cpview rocks!
Jerry
0 Kudos
Daniel_Taney
Advisor

I think that means Anti-Spoofing is set to detect on an Interface. Do you have any Anti-Spoofing events in your fw logs?

R80 CCSA / CCSE
0 Kudos
Jerry
Mentor
Mentor

also see enclosed 🙂

Jerry
0 Kudos
Wolfgang
Authority
Authority

Do you have any rule for Microsoft CIFS-Traffic something like the all_dce_rpc service?

This kind of traffic isn't accelerated.

0 Kudos
Jerry
Mentor
Mentor

yes they do have lots of SMB/CIFS but ... so many really?

ps. that was a quiz btw. 🙂
Jerry
0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

You can find more information on PXL here:

R80.x Security Gateway Architecture (Logical Packet Flow)

R80.x Security Gateway Architecture (Content Inspection)

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Jerry
Mentor
Mentor

Cheers Heik0, as usual spot-on 🙂
Jerry
0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

 

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
