Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
TAEKBOM_Kim
Contributor
Jump to solution

Can we use QoS function reliably?

Hi guys,

I want to know 2 things before using QoS

1. Does the QoS function load the CPU, Memory?
2. Customer references using the QoS feature.

 

I am currently running below:

Appliance:Check Point 5800 Appliance
Security Management:Smart-1 405
Version (Firmware):R80.10

 

Cheers

🙂

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion

For a long time QoS was rarely used on Check Point gateways due to a longstanding incompatibility with CoreXL that prevented the two from being used together.  This limitation was lifted in version R77.10+.  However enabling the QoS blade on an R80.10 or earlier gateway would definitely cause a sharp rise in CPU usage on a busy firewall due to required special handling on the Firewall Worker cores in the QXL path (which also precluded full acceleration of QoS'ed traffic by SecureXL); as such if you were just looking to do bandwidth limits my recommendation on R80.10 gateway and earlier was always to employ APCL Limit actions instead.

However in R80.20+ SecureXL now has the capability to perform QoS itself (the new "QoS inbound" and "QoS outbound" processing paths) so the CPU hit when enabling the QoS blade should be substantially reduced in R80.20+.  I have not had a chance to see this new R80.20+ QoS capability in action at a customer site yet but it looks promising.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

2 Replies
G_W_Albrecht
Legend
Legend

>> 1. Does the QoS function load the CPU, Memory?

For every decision on a GW we will need computing resources, so - yes, also QoS has its price, and you have to decide if it is right 😉.

>> 2. Customer references using the QoS feature.

What do you expect here ? I can only tell you that QoS is widely used for VoIP and video conferencing prioritizing - this is done by making other traffic slower...

For more reading see sk30590: What is Check Point QoS?sk32176: Limitations of Check Point QoS and the R80.30 QoS Administration Guide !

CCSE CCTE CCSM SMB Specialist
Timothy_Hall
Champion
Champion

For a long time QoS was rarely used on Check Point gateways due to a longstanding incompatibility with CoreXL that prevented the two from being used together.  This limitation was lifted in version R77.10+.  However enabling the QoS blade on an R80.10 or earlier gateway would definitely cause a sharp rise in CPU usage on a busy firewall due to required special handling on the Firewall Worker cores in the QXL path (which also precluded full acceleration of QoS'ed traffic by SecureXL); as such if you were just looking to do bandwidth limits my recommendation on R80.10 gateway and earlier was always to employ APCL Limit actions instead.

However in R80.20+ SecureXL now has the capability to perform QoS itself (the new "QoS inbound" and "QoS outbound" processing paths) so the CPU hit when enabling the QoS blade should be substantially reduced in R80.20+.  I have not had a chance to see this new R80.20+ QoS capability in action at a customer site yet but it looks promising.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events