Can we use QoS function reliably?
Hi guys,
I want to know 2 things before using QoS:
1. Does the QoS function load the CPU, Memory?
2. Customer references using the QoS feature.
I am currently running below:
Appliance: Check Point 5800 Appliance
Security Management: Smart-1 405
Version (Firmware): R80.10
Cheers
🙂
Accepted Solutions
For a long time QoS was rarely used on Check Point gateways due to a longstanding incompatibility with CoreXL that prevented the two from being used together. This limitation was lifted in version R77.10+. However, enabling the QoS blade on an R80.10 or earlier gateway would definitely cause a sharp rise in CPU usage on a busy firewall due to required special handling on the Firewall Worker cores in the QXL path (which also precluded full acceleration of QoS'ed traffic by SecureXL); as such, if you were just looking to do bandwidth limits, my recommendation on R80.10 gateways and earlier was always to employ APCL Limit actions instead.
However, in R80.20+ SecureXL now has the capability to perform QoS itself (the new "QoS inbound" and "QoS outbound" processing paths), so the CPU hit when enabling the QoS blade should be substantially reduced in R80.20+. I have not had a chance to see this new R80.20+ QoS capability in action at a customer site yet, but it looks promising.
>> 1. Does the QoS function load the CPU, Memory?
For every decision on a GW we will need computing resources, so yes, QoS also has its price, and you have to decide if it is right 😉.
>> 2. Customer references using the QoS feature.
What do you expect here? I can only tell you that QoS is widely used for VoIP and video conferencing prioritizing - this is done by making other traffic slower...
For more reading see sk30590: What is Check Point QoS?, sk32176: Limitations of Check Point QoS and the R80.30 QoS Administration Guide!
