This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Simply_sachin
Explorer
‎2021-09-24 01:57 AM

MTU issue

Dear Checkmates...

Currently 20 GWs  managed with single management Server R81 on VM in our Setup. Considering business

criticality, We plan to build redundant management  server in other business unit and the same has been done.

Now the problem starts as below:

While Sync the backup file from primary to DR  location:

I) never sync completes

2) Drop the session due to time-out error.

3) Slow data transfer

So we are struggling and unable to build secondary management server.

Check point Team telling MTU issue with ISP,but ISP refusing the MTU issue because of file transfer between other than management is server is normal.

 

Please share your ideas and  views on this if anybody come across this issue.

Advance thanks..

 

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee
‎2021-09-24 04:58 AM

An MTU issue should be easily shown with pings and df-set from any machine not just the Check Point Mgmt, also is there a VPN involved?

 

 

CCSM R77/R80/ELITE
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2021-09-24 05:10 AM

What Jumbo HFA level are you using for R81?  There have been many, many Management HA stability and performance fixes in those.

Also R81.10 claims to have significant Management HA sync performance and stability fixes; it is not clear whether only some of or all of these improvements have been back-ported into the R81 Jumbo HFAs.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
the_rock
Legend
Legend
‎2021-09-24 08:41 AM

Put it this way, so you can consider your options...

 

Based on past experience, it is known that larger MTU sizes typically provide better overall performance than smaller MTU sizes. Larger MTU sizes reduce the number of packets needed to transfer a large amount of data. ... In general, using fewer packets typically reduces the overhead and improves overall performance.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2021-09-24 06:24 PM
In response to the_rock

Also need to consider an MTU mismatch (fragmentation).

CCSM R77/R80/ELITE
the_rock
Legend
Legend
‎2021-09-25 04:54 AM
In response to Chris_Atkinson

Yes sir, thats a very good point...indeed, fragmentation can affect VPN performance big time.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events