This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Happy__
Collaborator
‎2020-08-10 01:32 AM

Facing Latency/disconnection issue due to mirror traffic on 1200R device

Hi Team,

 

We are facing latency/disconnection issues in the network when we connect the mirror port on the firewall monitored interface.

We created a bridge group between DMZ & LAN3 interfaces on firewalls. We have one monitored interface connected with the switch mirror interface. Due to mirror traffic, we are facing a latency issue, when we connect the mirror port interface on the LAN2 firewall interface the RX of interface increase rapidly and TX of DMZ increases rapidly.

 

I attached the network topology diagram.

 

 

 
 
 

 

0 Kudos
6 Replies
Happy__
Collaborator
‎2020-08-10 01:33 AM

 
Preview file
614 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2020-08-14 11:29 AM

What blades are active here?

Do you know how much traffic the mirror port is sending to the gateway?

0 Kudos
Happy__
Collaborator
‎2020-08-18 09:05 PM
In response to PhoneBoy

Only FW blade is enabled, Don't know the exact amount of traffic.

0 Kudos
PhoneBoy
Admin
Admin
‎2020-08-18 09:12 PM
In response to Happy__

There’s almost no point in using a mirror port with just firewall active.
Also, it’s more difficult to process mirror port traffic, generally speaking.
Might be worth posting the output of the Super Seven commands for SMB: https://community.checkpoint.com/t5/SMB-Appliances-and-SMP/Super-Seven-Performance-Assessment-Comman...

0 Kudos
Happy__
Collaborator
‎2020-08-18 09:17 PM
In response to PhoneBoy

We will use the IPS blade letter once the traffic becomes stable.

0 Kudos
John_Fleming
Advisor
‎2020-08-20 03:08 PM

You have to be very careful with those boxes. The 1200R has a single core and I would think a traffic mirror would send a lot of data through to the CPU to process the traffic. I would also assume this isn't creating a network loop but i can say for sure from past exp that if you plug 2 ports in from a vswitch into the same vlan it will create a loop on the firewall and make the CPU instantly go crazy which then prevents the firewall from doing anything.

0 Kudos