Hello,
CheckPoint Professional Services did a migration from an MDS with 10 Domains to a SmartCenter with 12 Policy packages for us.
We are running R81.10 and JumboHFA Take 150. The migration worked fine.
However we still have (major) performance issues with the environment (and we had these with the MDS, too and hoped a fresh environment with all rules fresh added by API calls will solve issues which may have existied in our old MDS database). It did not. 😞
If we are editing gateways with several hundred interfaces (e.g. adding a logserver or somethings else within the cluster/gateway object) and then clicking "OK" and after that doing the Publish. Clicking "OK" in the CLusterObject menue needs 10 minutes to succeed. The publish takes the same time again. This is very bad with gateway having 300 oder 500 interfaces. CLusters with more members is worse than single gateways (probably because member IPs and virtual IPs).
The next bad situation is, if we have 200 changes in SmartConsole (RUlebase, Policy) and do publish the publish takes several minutes to finished. While this publish the SmartConsole freezes.
Professional Services migrated the Policy using a script which runs agains the API. To add 12.500 rules we needed around 7-8hrs which is very very long.
Unfortunately every time if there is such a "bigger" change the SmartConsole or API it is not possible for other users on different machines to login to SmartConsole. API is not available/responding and existing API tasks which are running may fail.
If we do the changes via SmartConsole, we do not see any load on the Windows client running the SmartConsole in Task Manager.
If we do the changes via API or SmartConsole, on the SmartCenter we can see that 1-2 processes are running with higher load of about 80% (postgres cpm) and sometimes short peaks of less than 1 second of java (CPM) with up to 300% (probably uses more than one CPU core).
We do not see load or latency on the disks. no network traffic spikes.
From our perspective it looks like there is not bottleneck of CPU or memory. We assume there are issues with the API or the API calls against the database.
In parallel we will open a ticket with our Diamond Engineer because Professional Services was running out of ideas at this time.
However I would like to know your experience with API and SmartConsole and maybe how you solved it. if there are any parameters we can tweak please let uns know. We have 32 CPUs and 256 GB RAM.
Regards