This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ngoodall
Explorer
‎2019-10-31 04:21 AM

Maximum amount of CPU cores supported by open server management

Hi,

What is the maximum amount of CPU cores supported by open server management.

Thank you in advance.

Nico

0 Kudos
8 Replies
PhoneBoy
Admin
Admin
‎2019-11-01 01:17 PM

Management servers are not specifically core limited.
That only applies to Security Gateways.
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2019-11-02 08:14 AM

Since monster VMs don't necessarily makes sense the main limit is choosing something from the HCL.

CCSM R77/R80/ELITE
0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2019-11-03 02:34 AM

As Dameon said there are no core limits enforced on management.  The automatic resource and Java heap size scaling tops out at 12+ cores for a SMS, so while having more than 12 cores certainly won't hurt it probably won't provide any appreciable performance gain. 

Based on some testing I performed in the past, there was a noticeable increase in SMS performance as each core was added up to 8, then only minor improvement for cores 9-12, and no perceptible improvement beyond 12.  For MDS/Provider-1 however more cores beyond 12 can certainly help for configurations with a large number of Domains/CMAs.

 

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization
0 Kudos
yura_k
Contributor
Contributor
‎2026-01-14 08:14 AM
In response to Timothy_Hall

Hi Timothy! Could you please tell us how your opinion on the number of cores for the management server has changed? 🙂

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2026-01-16 06:17 AM
In response to yura_k

My prior post was from 2019, and under the hood, Check Point has been slowly eliminating single-thread bottlenecks in management, which limited the number of cores that could be effectively used.  Examples include the single-threaded fwm process losing more and more responsibilities with each release, and the "scale-out" and multi-threading of the fwd process in R82; these two old processes were the biggest single-thread offenders.  

The top-of-the-line 6000XL has 32 physical cores, and the new 7000UL has 56 physical cores, so that tells you right there if Check Point added that many cores, they feel like they can be used.  So just based on that increase, I'd hazard a guess that an R82+ SMS would be able to actually use 20 if not 24 cores.  

I also find it interesting that, for the newer Smart-1 700/7000 series, they are quoting not only the physical core count but also the number of threads when SMT is enabled (i.e., the 7000-UL is quoted as 56/112 cores).  This is another indication of more multithreading in the newer software releases, which, very generally speaking, gain benefits from SMT, whereas single-thread bottlenecks do not.

However, I feel like this quoting of cores/threads for the 700/7000 models is a bit disingenuous, as it appears SMT is enabled by default on some 700/7000 models and not others, so they are bumping up the core counts in the spec sheet, but they can't be used because SMT is off on some models.  In 2019, the recommendation was to leave SMT off for an SMS, which definitely made sense at the time.  However I've asked here at CheckMates several times whether that recommendation still holds in 2026 for R82+, and I've gotten crickets each time.  I assume the lack of response means "it depends", but it would be nice to know for sure in regards to an SMS implemented on open hardware/ESX.

The above discussion is just for an SMS, for Multi-Domain more cores are always going to be better especially if you have a lot of domains/CMAs, since each domain has it own separate instance of processes such as fwm/fwd that even if single-threaded can execute on separate cores in parallel.

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization
(1)
Henrik_Noerr1
Advisor
‎2026-01-16 07:30 AM
In response to Timothy_Hall

Check out the chosen_cpsetup_profile as well. It sets the low level settings regarding postgres cache, threads, heap size etc.

https://community.checkpoint.com/t5/Management/CHOSEN-CPSETUP-PROFILE-and-Multi-Domain-Log-Servers/m...

So it basically assigns hard limits and % based values based on ram and cores or appliance model.

It changed quite a bit going from r81.20 to r82 - I have not checked r82.10 - but r82 actually allows for MLM specific settings on Open Servers, which was not the case in r81.20 if you did not manually fidle with the values.

/Henrik

0 Kudos
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-01-14 10:12 AM
In response to Timothy_Hall

We have more than 50 domains and main mds runs 48 cores.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
TurgutKaplanogl
MVP
MVP
‎2026-01-14 08:31 AM

Hello,

You can check this sk;

Maximal number of supported CPU cores by Check Point operating system;

https://support.checkpoint.com/results/sk/sk96114 

At the same time you can check this SKs for sizing;

Sizing Recommendations for Check Point Security Management Server

https://support.checkpoint.com/results/sk/sk178325

Security Management Sizing

https://support.checkpoint.com/results/sk/sk181782

 

Thank you

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events