max - Max Power - Fix me beautiful
max is a community-driven health, security and performance optimization script. GPL licensed.
Installation (expert mode) or download:
curl_cli http://dannyjung.de/max | zcat > /usr/bin/max && chmod +x /usr/bin/max
Changelog
- 0.1 - Initial Release (Early Availability)
- 0.2 - Added checks for address spoofing, stateful inspection
The script name is referring to Check Point's Maximizing Network Performance guide and Tim Hall's Max Power Firewalls book, which (together with Michael Endrizzi's free CoreXL training) inspired me to start this accompanying project. As Valeri Loukine mentioned in his Gateway Performance Optimization post, it's a tough challenge to master. This script is here to help.
Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.
Great tool if you didn't have a similar one already! Nicely written too.
I'm not entirely sure how far you wanted to go with this tool, but maybe I can put some things on the wish-list
- check if aggressive aging is not active from fw ctl pstat
- check if acceleration templates are not disabled high up in the rulebase from fwaccel stat
- take number on top of release maybe? early takes could indicate possible problems that are already fixed in later takes, i.e. grep 'was installed successfully' /opt/CPInstLog/DA_UI.log | egrep "Image|Jumbo|Upgrade|Bundle_T" | tail -1 | sed 's/Take/#/' | sed 's/was/#/' | sed 's/)//' | awk -F# '{print "Take"$2}'
- take say 3 samples of all CPU core usage from top output and see if any of them is running flat out, might be indication of wrong split between SXL and CoreXL or CoreXL allocation
else keep producing more of these!
Hi Kaspars Zibarts,
thanks for your kind words. I'm hoping the community drives this project as far as possible.
I've noticed that all optimization guides feature simple if-then instructions (e.g. Max Power 2, 'Special Case: 2 Cores' notes that if a firewall only has 2 Cores with 10Gbps interfaces then it's not recommended for productive use.)
However, no one started to put these instructions into executable code, making it easier to correctly apply and use them.
From this perspective I see absolutely no similarities between our ccc script and max.
max is very modular. I put every check into a separate function empowering the CheckMates community to easily create and post new functions here to be added to the script.
Regards,
Danny
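Added example, not part of the original posts and not code from max: a check written in the one-function-per-check style described above, built on the take-number idea from the wish-list. The function names, the minimum-take argument and the sample log lines are assumptions; real DA_UI.log lines may be laid out differently.

```shell
#!/bin/sh
# Constructed example, not part of max. Function names, the minimum-take
# argument and the sample log layout are assumptions.

# Print the take number of the last successful install found in a log file.
# Same grep filters as the wish-list pipeline; sed keeps only the digits.
latest_take() {
    [ -r "$1" ] || return 2
    grep 'was installed successfully' "$1" \
        | grep -E 'Image|Jumbo|Upgrade|Bundle_T' \
        | tail -1 \
        | sed -n 's/.*Take[^0-9]*\([0-9][0-9]*\).*/\1/p'
}

# One check, one function: WARN when the installed take is below the minimum
# the operator passes in, INFO when the log is unreadable or has no match.
check_take() {
    log="$1"; min="$2"
    take=$(latest_take "$log") || { echo "INFO: cannot read $log"; return 0; }
    if [ -z "$take" ]; then
        echo "INFO: no successful install found in $log"
    elif [ "$take" -lt "$min" ]; then
        echo "WARN: Take $take is older than Take $min"
    else
        echo "OK: Take $take"
    fi
}

# Constructed sample lines (the real log layout may differ).
demo_log() {
    cat <<'EOF'
Image (Take 10) was installed successfully
Jumbo Hotfix (Take 42) failed to install
Jumbo Hotfix (Take 70) was installed successfully
Unrelated package (Take 99) was installed successfully
EOF
}

# Demo run against the constructed log with a hypothetical minimum of 100.
tmp=$(mktemp) && demo_log > "$tmp" && check_take "$tmp" 100
rm -f "$tmp"
```

On a gateway the log argument would be the /opt/CPInstLog/DA_UI.log path quoted in the wish-list.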
What a great tool!
I can imagine having this, the CCC script and the health check script as one bundle. Why do we have 3 separate scripts if we can merge them into one?
It will be up to the user what he needs to check/configure.
Just an idea for further cooperation
Jozko Mrkvicka
The next version of our ccc script will have an option to install and start max.
I won't merge the scripts into one (yet) as their code is absolutely different. max is 99.9% modular, won't preload anything, doesn't require user interaction etc. while ccc highly interacts with the user to access common Check Point commands.
Interesting work, Danny Jung. Timothy Hall, what do you say?
When writing the first edition of my book, I did think to myself at one point: "Hmm I bet I could write a script that would run all the discovery commands, parse the output and issue alerts based on the output". For any findings the script could even reference the relevant page number in the book for further reading, if the finding did not make sense or more context was required to take meaningful action to correct it. Never quite got the time to write it, although the healthcheck.sh tool created by Check Point was kind of similar to that concept. Love it!
--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com
Tim wrote: "For any findings the script could even reference the relevant page number in the book for further reading.."
This is exactly what I have in mind for the script: Referencing the exact RFC, page number in your book, Check Point SK etc. This way the script will then hopefully also be respected for its educational character besides building trust and liability for its recommendations.