Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nlegastelois
Explorer

unable to find who is consuming bandwidth

Hello,

I am using a clusterXL with gateways on R80.30 and I am trying to find a way to identify who is consuming the bandwidth when our network is oveloaded.

I tried cpview but the top connection in network is not there anymore.

I tried using smart monitor but there is no the option maybe because I don't have the monitoring licence.

I tried running the script to find the top talkers but it's not based on the bandwidth.

So do you know what could be the solution ?

Thanks

Nicolas

0 Kudos
8 Replies
Timothy_Hall
Legend Legend
Legend

Load R80.30 Jumbo HFA Take 227 or higher and several helpful cpview screens (including Top Connections) will return.  You can also try running  fw ctl multik print_heavy_conn which will show you all the elephant flows in the last 24 hours.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Mattias_Jansson
Collaborator

There is a note for enabling top connections in cpview as described in sk167903 saying:
Note: enabling this feature may cause a performance impact!

We are on 23900 appliance with R80.30 take 237 on vsx (vsls) with cpu peaking at 40-45%. I am seeing much higher througput then normal for a couple of days. Is it safe to enable the feature to find the connections causing high traffic?

Btw: is fw ctl multik print_heavy_conn not supported on vsx?

0 Kudos
shais
Employee
Employee

Hi,

It's safe to enable the top connections/protocol, at ~45% CPU you won't see much impact from this.

Note that this will only enable the view under Network tab, not CPU tab.

Timothy_Hall
Legend Legend
Legend

fw ctl multik print_heavy_conn does not work in VSX until R80.40 Jumbo HFA Take 78+ and later.  I've never noticed a performance impact by enabling this feature.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
the_rock
Legend
Legend

I thought I saw option for that in SV monitor, but I could be wrong. Let me look it up in the R80.40 lab.

0 Kudos
PhoneBoy
Admin
Admin

You have to take specifics steps to enable top connections after installing JHF 227 or above on R80.30.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
nlegastelois
Explorer

Unfortunatly I have a specific hotfix on the take 196 that will not follow the upgrade to the take 227 so I have to find a solution in waiting.

Thanks for your answers

0 Kudos
the_rock
Legend
Legend

The best advice I could offer in that case would be to ask TAC if port fix would be possible by R&D, so you dont lose feature of custom fix given on top of take 196, if they could include that in take 227.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events