Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Thomas_Eichelbu
Advisor

SmartView Monitor shows fantasy values when monitoring VPN Tunnels

Hello Checkmates,

i have a weird symptom on a customers Checkpoint installation.

in SmartView Monitor sometimes you see a peak connection of serveral Gigabits, but the physical internet connection cannot exceed 200Mbits. This has caused concerns by the customer what is going on ...

in the screenshot u can see that the object: FW-WIB-HIB-01 once had a maxium of 10.197.173 bits ... thats enormous and cannot be true. even when we know the remote sites are not better connected then 100mbits

the central firewall ISP Link is only 200Mbits.

in the cpview of course you dont see this burst, the traffic shown there is much slower.

so what can cause this behavior? is it real or not?

could it be a delayed sending of monitoring data which could trigger a burst?

there is a  SK´s describing to lower or to raise the sampling rate from 30 (defualt) to a lower value...

altough it could performance to lower the value i set all values to zero.

sk83440 "When using SecureXL, the line flips from real speed to zero all the time."

i tried this ... but i guess it only reduced the effect but the effect with gigabit burst is still present ...

the SMS is R80.10 the gateway are all embedded GAiA´s, i will provide you with more detailed infos about versions later.

you have any ideas?

thank you for helping out.

best regards

Thomas.

1 Reply
XBensemhoun
Employee
Employee

Hi Thomas,

(first of all : can you hide gateways' name and SMS' IP address ? Smiley Happy)

Should it be related to 32bits vs 64bits counters? Could you check on the SMS if it is on 64bits mode (show version os edition command)? The same on SMB appliances (but I do'n know if such configuration can apply to them). Regarding version you'll give us, did you already check to the know limitations of the corresponding version? For example:

 - Check Point R77.20 for 600 / 700 / 1100 / 1200R / 1400 Appliance Known Limitations 

 - Known Limitations section of the sk121758 R77.20.75 for Small and Medium Business Appliances 

Information Security enthusiast, CISSP, CCSP
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events