Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Benjamin_Carrie
Collaborator

Traffic history monitoring impact

In the monitoring tab there is a warning that enabling traffic history may impact performances.

I couldn't find more details in any documentation, what type of impact are we talking about (I understand there is no precise answer to that but is it more like 1% or 20%)? I'd be also interested in the technical reasons that causes the performance impact.

Looking forward for any feedback if you enabled it in your environment as well.

Thank you

8 Replies
Martin_Raska
Advisor

I guess this is related to SecureXL. Tim will know the exact answer.

0 Kudos
Danny
Champion
Champion

I have often enabled these checkboxes on firewalls with less than 10% CPU usage. I didn't notice any performance impact.

0 Kudos
PhoneBoy
Admin
Admin

In the days before SecureXL, this definitely had more of an impact.

SecureXL actually provides a lot of these statistics now, so the impact is pretty minimal.

Timothy_Hall
Champion
Champion

See my response here, short answer is to go ahead and enable them:

https://community.checkpoint.com/message/21698-re-enabling-traffic-connections-for-the-smartview-mon... 

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Dario_Samaniego
Employee
Employee

HI Tim

What about this information sk32578 -SecureXL Mechanism, i

(1) Acceleration of packets

When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:

"Traffic Connections" and "Traffic Throughput" counters in "Monitoring Software blade" pane (in Security Gateway object).

the sk is outdated???

0 Kudos
Benjamin_Carrie
Collaborator

Well found I didn't see this!

However I think it may be outdated indeed, I just checked on a gateway with both counters enabled and 93% of the traffic is fully accelerated with SXL path (the gateway only has firewall and monitoring blade).

It would be great if we can have an official answer on that and update the SK.

Timothy_Hall
Champion
Champion

That statement is outdated, and was rectified in R77.20 and later via a change in the SecureXL accounting mechanism:

sk101107: SmartView Monitor shows incorrect traffic amounts when SecureXL is enabled in R76 / R77 / ...

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
Timothy_Hall
Champion
Champion

Sorry to resurrect such an old thread, but if a very high amount of traffic is fully accelerated by SecureXL and there is a very large number of concurrent connections, enabling all checkboxes on this screen can cause some strange-looking high CPU utilization on your Firewall Worker/Instances due to all the requested monitoring statistics passing back and forth between SecureXL and the Firewall Instances/Workers: sk173924: High CPU for all fw_workers when Monitoring blade is Active

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos