Happy__
Collaborator

Facing Latency/disconnection issue due to mirror traffic on 1200R device

Hi Team,

 

We are facing latency/disconnection issues in the network when we connect the mirror port on the firewall monitored interface.

We created a bridge group between the DMZ & LAN3 interfaces on the firewalls. We have one monitored interface connected to the switch mirror interface. Due to mirror traffic, we are facing a latency issue. When we connect the mirror port interface on the LAN2 firewall interface, the RX of the interface increases rapidly and the TX of DMZ increases rapidly.

 

I attached the network topology diagram.

0 Kudos
6 Replies
Happy__
Collaborator

 
0 Kudos
PhoneBoy
Admin

What blades are active here?

Do you know how much traffic the mirror port is sending to the gateway?

0 Kudos
Happy__
Collaborator

Only the FW blade is enabled. Don't know the exact amount of traffic.

0 Kudos
PhoneBoy
Admin

There’s almost no point in using a mirror port with just firewall active.
Also, it’s more difficult to process mirror port traffic, generally speaking.
Might be worth posting the output of the Super Seven commands for SMB: https://community.checkpoint.com/t5/SMB-Appliances-and-SMP/Super-Seven-Performance-Assessment-Comman...

0 Kudos
Happy__
Collaborator

We will use the IPS blade later once the traffic becomes stable.

0 Kudos
John_Fleming
Advisor

You have to be very careful with those boxes. The 1200R has a single core and I would think a traffic mirror would send a lot of data through to the CPU to process the traffic. I would also assume this isn't creating a network loop, but I can say for sure from past experience that if you plug 2 ports in from a vswitch into the same VLAN it will create a loop on the firewall and make the CPU instantly go crazy, which then prevents the firewall from doing anything.

0 Kudos