Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Simply_sachin
Explorer

MTU issue

Dear Checkmates...

Currently 20 GWs  managed with single management Server R81 on VM in our Setup. Considering business

criticality, We plan to build redundant management  server in other business unit and the same has been done.

Now the problem starts as below:

While Sync the backup file from primary to DR  location:

I) never sync completes

2) Drop the session due to time-out error.

3) Slow data transfer

So we are struggling and unable to build secondary management server.

Check point Team telling MTU issue with ISP,but ISP refusing the MTU issue because of file transfer between other than management is server is normal.

 

Please share your ideas and  views on this if anybody come across this issue.

Advance thanks..

 

0 Kudos
5 Replies
Chris_Atkinson
Employee
Employee

An MTU issue should be easily shown with pings and df-set from any machine not just the Check Point Mgmt, also is there a VPN involved?

 

 

0 Kudos
Timothy_Hall
Champion
Champion

What Jumbo HFA level are you using for R81?  There have been many, many Management HA stability and performance fixes in those.

Also R81.10 claims to have significant Management HA sync performance and stability fixes; it is not clear whether only some of or all of these improvements have been back-ported into the R81 Jumbo HFAs.

New 2021 IPS/AV/ABOT Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
the_rock
Authority
Authority

Put it this way, so you can consider your options...

 

Based on past experience, it is known that larger MTU sizes typically provide better overall performance than smaller MTU sizes. Larger MTU sizes reduce the number of packets needed to transfer a large amount of data. ... In general, using fewer packets typically reduces the overhead and improves overall performance.

0 Kudos
Chris_Atkinson
Employee
Employee

Also need to consider an MTU mismatch (fragmentation).

the_rock
Authority
Authority

Yes sir, thats a very good point...indeed, fragmentation can affect VPN performance big time.

0 Kudos