This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tim_Koopman
Contributor
‎2018-06-20 10:21 PM

Performance impact when enabling NetFlow?

I am wondering what is the performance impact of enabling NetFlow?

And how does that compare to normal Logging from a performance point of view?

I have some large gateways and we required currently to log all traffic both allowed and blocked. On our bigger firewalls this is starting to cause problems as the FWD process that handles all logging is single threaded so while we have followed the best practice and given it a dedicated CPU core that is still not enough. The FW worker process are not even at 50% so firewall can handle more but logging often goes to local logging only.

Our log servers themselves are running fine it is just the FWD logging process causing a bottleneck.

I am thinking if NetFlow has less of an impact on the CPUs or even if the same impact but spread over multiple CPUs then I may be able to suggest we change to only logging more important entries and use NetFlow for the rest.

Any data around this would be appreciated.

Tim

1 Reply
PhoneBoy
Admin
Admin
‎2018-06-21 10:17 AM

My understanding is that Netflow:

  • Relies on SecureXL
  • Only sends traffic handled by SecureXL and friends (includes Medium Path)
  • Only sends updates every 30 minutes or so

As such I would not expect it to have a huge performance impact. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    CheckMates Events