Why is it that on VSX, we receive less functionality when using CPview? More specifically: on regular gateways, we can analyze the CPU load per instance and view the top connection or top service that goes along with it.
Example:
I'm sure that the architecture behind VSX mode is not quite the same as a regular gateway and poses a different set of challenges, but this screenshot is from an R80.10 gateway and yet, to my knowledge, this feature is still not implemented in VSX on R81. Is this not incredibly useful?
I have checked with TAC & my local office, I also checked the support center, but no one can give me a proper tool to investigate CPU load in correlation with a specific connection. Also, I requested an improvement via a form on the CP website, but that seems to end up in someone's spam folder.
The functionality difference stems from the traditional kernel space mode for INSPECT vs. process space mode (fwk processes - called User Space Firewall). VSX has always used fwk processes to implement INSPECT and now the newer mainline gateways (including Quantums) are using USFW by default. Some of the feature differences between VSX/USFW and kernel mode got called out in my CPX 2020 speech, and since then the feature gap has almost been completely closed by R&D. Future development is likely to use USFW everywhere, so now we are starting to see some new features available exclusively in USFW mode but not kernel mode.
As far as the cpview screens you are missing, you can get them back with the proper version/Jumbo HFA and by setting kernel variables sim_top_conns_enable=1 & sim_top_proto_enable=1 as mentioned here:
sk167903: CPview Top Connections and Protocols tabs show no data
Those screens are not available at all for VSX R80.10 and earlier due to the older implementation of SecureXL in that version.
Thanks for that interesting read. However please note that I'm referring to the Top-protocols and Top-connections within the CPU tab not the network tab. We really want to have the column "% out of CPU" as you can see in my initial screenshot.
We are also going to R80.30 for all our VSX clusters.
Hi,
You can use CPView today on VSX, but it is per VS, and the amount of statistics is currently very limited. Unfortunately, there is currently no way to monitor the statistics of the whole VSX appliance. There is a tab that's collecting the information from all VSs and is storing them in one place. The new tab can be seen in the VS0 context only.
Is there a way to request an improvement of this functionality? Or do you know if something is in the works?
Currently we are stuck troubleshooting high CPU load on FWK instances and we have no clue what is causing it. Involving TAC for each issue is very time-consuming, especially when the problem is not always present.
Hi,
I will pass your request to the relevant R&D owners, and they will try to incorporate it into their plans. Meanwhile, regarding your issue, please try to see if one of the following is giving you the info:
Thank you, that is appreciated. In regards to the commands, those are known by us and do not give good insight on which flows are triggering more CPU usage. We are quite capable of finding out that something is wrong but drilling down to what exactly and being able to report this to our customer is a different story, hence my feature request.