ErikTorres
Participant

CVPND process consumes 80% CPU

Hello there,

I currently have a FW 9100, R81.20 JHF 90. The Mobile Access portal does not respond for 8 min after the policy installation finishes. I have identified that the CVPND process rises in CPU, going from 0.X to 80% on average, and this is the point at which the Mobile Access portal does not respond. When the CPU usage of the CVPND process returns to its normal state (0.X), the Mobile Access portal works correctly again.

As a result, new users who want to connect cannot connect, BUT the users who were connected continue working correctly.

This FW ONLY has the VPN Mobile Access blade enabled, acceleration is also enabled.

I have had the issue for months. I have gone through different cases with TAC, but so far they have not been able to find the solution.

Before having the issue, we had a FW 5600 where we did not have the issue. Then we went through a FW 6200 and started to have the issue, and currently we have a 9100 with the same issue.

I have read a similar case in:
https://community.checkpoint.com/t5/Remote-Access-VPN/CVPND-process-consumes-100-CPU/td-p/51854

But they don't mention the solution.

I hope you can help me.

Best Regards!

0 Kudos
3 Replies
the_rock
Legend

This is what Massimo said in November 2019.

In our case the problem was fixed by removing all the network objects (groups in particular are CPU-consuming) from all the Roles.

Now, Abhisot mentioned some sort of custom fix.

Andy

0 Kudos
ErikTorres
Participant

Hello @the_rock 

Thank you for your comments. I have the following questions:

So, the recommendation would be to delete the network groups?

Would it be replaced by host objects?


Is this really useful when there are rules with so many hosts?

I would also like to mention that some users use the Mobile Access client (for example E87) and others connect through the web portal. My question is whether these network objects are deleted from the Access Control rules or from the Mobile Access rules in SmartDashboard?

Best Regards!

0 Kudos
the_rock
Legend

I can't say for certain if that indeed would be the recommendation; it's simply my logical conclusion from reading the previous post. Personally, I would open a TAC case and see what they suggest.

Andy

0 Kudos
