This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Luis_Miguel_Mig
Advisor
yesterday

cpu detective and SND congestion

I have just noticed that the CPU detective is only designed to capture elephant flows if the FW worker is the problem.
If the SND process is congested then the CPU detective doesn't capture heavy connections.

sk166454 article is consistent what it has been described above.

I was wondering if someone knows how to workaround this constrain

I think it make sense and it would be very useful if we could find heavy connection if the SND is congested.


0 Kudos
4 Replies
AkosBakos
Leader Leader
Leader
yesterday

Hi @Luis_Miguel_Mig 

And what about spike_detective?

I usually use this to determinate the high CPU usage on the GW.

Search for this string in the /var/log/messages.

akos

----------------
\m/_(>_<)_\m/
0 Kudos
AkosBakos
Leader Leader
Leader
yesterday

Hi @Luis_Miguel_Mig 

And one more really useful command: fw ctl multik print_heavy_conn

https://support.checkpoint.com/results/sk/sk178070

Maybe it can help.

Akos

 

----------------
\m/_(>_<)_\m/
(1)
the_rock
Legend
Legend
yesterday
In response to AkosBakos

I had seen Tim Hall give that command many times, its great!

Andy

0 Kudos
Timothy_Hall
Legend Legend
Legend
yesterday

On a Quantum Force (9000/19000/29000) or Lightspeed appliance, 100% CPU utilization on the SND cores (at least as reported by Linux-based tools such as vmstat or top) does not necessarily indicate congestion as UPPAK is enabled, which uses poll mode instead of interrupts to grab traffic for processing.

Please provide more information about your appliance model number and Jumbo HFA version.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events