This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Roman_Niewiado1
Contributor
‎2018-11-06 06:14 AM

Multi Domain Server - Performance

Dear community.

I found the solution sk109236 - "High CPU / process crashes / timeout due to large database / first time operations / load on the machine".

The solution to get better performance is to modify the connection buffer.

"The size of the Communication Buffer is hard-coded to 1MB-4MB depending on the version (For R77.10 and above: 4MB)."
"It is strongly suggested to set FWASYNC_MAXBUF=40000000 (or more, according to what the allocation failed on, i.e. if it failed on 40MB, then set to 80MB)"

  • What does the buffer do?
  • What is the limit of increasing the buffer?
  • Why is 40 MB not default?

Regards

Roman

5 Replies
G_W_Albrecht
Legend
Legend
‎2018-11-06 06:51 AM

Increasing a buffer (and yes, there are a lot of buffers in CP GWs and SMS !) adds to memory consumption, so when buffers are very large, swapping will occur and slow down the unit...

CCSE CCTE SMB Specialist
0 Kudos
Timothy_Hall
Champion
Champion
‎2018-11-06 07:17 AM

I believe FWASYNC_MAXBUF is used by the fwm process on a SMS to buffer incoming operations that fwm needs to perform.  In  R77.30 management and earlier, fwm had far too many responsibilities and was mostly single-threaded.  This was a bad combination and led to fwm daemon crashes under heavy load which would eject the administrator from the SmartDashboard and all other GUI tools. 

fwm still exists in R80+ management, but mainly to service the older legacy GUIs like the Smartview Monitor and SmartDashboard and a few other operations.  Given the wholesale changes in R80+ management, fwm has much less to do these days and has been pretty stable from what I've seen; the new cpm daemon has taken over most of fwm's prior responsibilities.  As such I wouldn't worry too much about increasing this buffer for fwm in R80+ management, unless you are actively seeing warnings about running out in $FWDIR/log/fwm.elg.


--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Roman_Niewiado1
Contributor
‎2018-11-06 07:28 AM

Thank you for the answers.

We are using R77.30 Take 292.

$FWDIR/log/fwm.elg is not there.

I increased the buffer to 80 MB. It seems to work better, now.

Regards

Roman

0 Kudos
Roman_Niewiado1
Contributor
‎2018-11-09 03:05 AM
In response to Roman_Niewiado1

Next thing we did was to delete the caching file $FWDIR/conf/CPMILinksMgr.db

It was 60 Gb and maked more free RAM space.
128/125 Gb used to 128/70 Gb

0 Kudos
Alexander_Wilke
Collaborator
‎2018-11-10 03:20 PM
In response to Roman_Niewiado1

Hi Roman,

we are using these parameters since more than 1 year on R77.30 with HFA T225 (and earlier). We configured it on the MDS and the GWs and the last time I read this SK the limit was about 64MB and this is what we configured.

To be honest I don't know what we want to solve in the past with this buffer. I did not notice any bad side effects.

Regards