Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jesus_Cano
Collaborator

Activate license IPS

Hi,

We have a cluster Checkpoint R77.30. So we are thinking in enable IPS blade. So we would like to know if these FWS will support the load (CPU, RAM) with IPS blade enable. What parameters about machine we have to know in order to enable IPS without load CPU RAM penalties. Any commands? advice? et.

thanks 

3 Replies
ED
Advisor

Hi,

You don't mention if you have Appliance or Open servers running for your cluster. Check Point has a performance sizing utilty (not supported on Open servers and some appliances) which can assist you in decision of enabling IPS blade. 

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

From the description:

The cpsizeme is a lightweight shell script that produces a detailed performance report of Check Point Security Gateway. This script measures the ongoing resource utilization on Security Gateway during the given time period (refer to "Running cpsizeme" section). During this period, the script gathers information about CPU, memory consumption, throughput and few other important performance parameters.

This cpsizeme output and report can assist in improving the sizing accuracy in any one of the following scenarios:

  • Replacing the current Security Gateway appliance/server with a new one.
  • Future growth and planning ahead.
  • Enabling more security Software Blades on the current Security Gateway.
  • Troubleshoot performance issues on the Security Gateway

IPS can have from low to high performance impact on your gateways (depending on your tuning and number of enabled protections) so if your gateways are already saturated you wil not have much left for growth in resouce utilization. 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Please tell us which blades are currently enabled and how much the CPU is loaded on active member. You should also look into SecureXL stats...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Timothy_Hall
Legend Legend
Legend

Please provide output from the "Super Seven" commands (Super Seven Performance Assessment Commands (s7pac))  and I should be able to give you a rough projection of what enabling IPS will do to the gateway's performance.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events