Re: core allocation change and gnat and nat port a...

Luis_Miguel_Mig · ‎2025-04-29

I have 8 cores: 6 workers and 2 SNDS.

GNAT is enabled by default and therefore the nat port capacity per destination ip is 49601.

https://support.checkpoint.com/results/sk/sk165153

I am planning to change the core allocation to 5w/3snd or 4w/4snd.

Do I need to change anything in terms of GNAT settings? My understanding is that the system will do it for me. So I only need to change the number of workers to 5 or 4, reboot and the gateway will boot with GNAT disabled and ports allocated per destination ip will be divided by between the FW core automatically, right?

PhoneBoy · ‎2025-04-29

As far as I know, you shouldn't need to do this as GNAT will only use the SND cores.

Luis_Miguel_Mig · ‎2025-04-30

From the article
----------------

Starting in R80.40 Security Gateway / Cluster members are able to allocate NAT ports using one global allocation table (this method also referred to as GNAT),
This eliminates the need to divide the ports between CoreXL FW instances altogether.

When the Number of CoreXL FW instances is less than 6, GNAT is disabled by default (not to cause unnecessary overhead in specific scenarios.)

----

PhoneBoy · ‎2025-04-30

Ah yes, I forgot about that.
In this case, GNAT should be automatically disabled once you adjust the core allocation.

Are you a member of CheckMates?

core allocation change and gnat and nat port allocation