This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jesus_Cano
Collaborator
‎2018-12-10 12:17 AM

Activate license IPS

Hi,

We have a cluster Checkpoint R77.30. So we are thinking in enable IPS blade. So we would like to know if these FWS will support the load (CPU, RAM) with IPS blade enable. What parameters about machine we have to know in order to enable IPS without load CPU RAM penalties. Any commands? advice? et.

thanks 

3 Replies
ED
Advisor
‎2018-12-10 01:33 AM

Hi,

You don't mention if you have Appliance or Open servers running for your cluster. Check Point has a performance sizing utilty (not supported on Open servers and some appliances) which can assist you in decision of enabling IPS blade. 

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

From the description:

The cpsizeme is a lightweight shell script that produces a detailed performance report of Check Point Security Gateway. This script measures the ongoing resource utilization on Security Gateway during the given time period (refer to "Running cpsizeme" section). During this period, the script gathers information about CPU, memory consumption, throughput and few other important performance parameters.

This cpsizeme output and report can assist in improving the sizing accuracy in any one of the following scenarios:

  • Replacing the current Security Gateway appliance/server with a new one.
  • Future growth and planning ahead.
  • Enabling more security Software Blades on the current Security Gateway.
  • Troubleshoot performance issues on the Security Gateway

IPS can have from low to high performance impact on your gateways (depending on your tuning and number of enabled protections) so if your gateways are already saturated you wil not have much left for growth in resouce utilization. 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-12-10 02:43 AM

Please tell us which blades are currently enabled and how much the CPU is loaded on active member. You should also look into SecureXL stats...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2018-12-10 05:09 AM

Please provide output from the "Super Seven" commands (Super Seven Performance Assessment Commands (s7pac))  and I should be able to give you a rough projection of what enabling IPS will do to the gateway's performance.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events