Hi Phoneboy , 

 

yeah , sorry I was really referring to Virtual cores of the VM...

 

The cores are split between SND and Worker.

> Thanks . I will research more on SND.

If you allocate 3 workers, then that means 5 cores are being used for SND.

> Is there a command to view how many cores were assigned to SND? 

In R80.30+, you can also allocate a core for management traffic if you have 8 or more cores licensed, but this is not the default.

> Is there a default core assignment between the Firewall worker and SND?  For example like in our environment with 8 core     gateway . 

 

You can only directly control the number of workers, SNDs are allocated from the remaining (licensed) cores.
The default allocation for 8 cores is 6/2 (6 workers, 2 SND).
You can see the list of defaults here:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Hi Phoneboy , 

 

Thanks for the info . i am learning from it ... 

so I would say that we have no SND active for interfaces... only firewall workers running on CPU 3 and CPU 7 that are helping to process traffics.. 

I far as i can see with those details , we are not utilizing all CPU cores right ? 

Or these unallocated CPU's  could be running other processes?

 

 

[Expert]# cpmq get -a

Active virtio_net interfaces:
eth0 [Off]
eth1 [Off]

[Expert]# fw ctl affinity -l -r
CPU 0:
CPU 1:
CPU 2:
CPU 3: fw_1
cp_file_convertd fwd usrchkd rad pepd in.geod in.msd mpdaemon lpd vpnd pdpd in.acapd in.asessiond gcpd wsdnsd cpd cprid
CPU 4:
CPU 5:
CPU 6:
CPU 7: fw_0
cp_file_convertd fwd usrchkd rad pepd in.geod in.msd mpdaemon lpd vpnd pdpd in.acapd in.asessiond gcpd wsdnsd cpd cprid
All:

[Expert]# fw ctl affinity -l
Kernel fw_0: CPU 7
Kernel fw_1: CPU 3

 

Tasks: 163 total, 2 running, 161 sleeping, 0 stopped, 0 zombie
Cpu0 : 0.0%us, 0.0%sy, 0.0%ni, 97.0%id, 0.0%wa, 0.0%hi, 3.0%si, 0.0%st
Cpu1 : 0.0%us, 0.0%sy, 0.0%ni, 98.3%id, 0.0%wa, 0.3%hi, 1.3%si, 0.0%st
Cpu2 : 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu3 : 9.3%us, 3.3%sy, 0.0%ni, 84.7%id, 0.0%wa, 0.0%hi, 2.7%si, 0.0%st
Cpu4 : 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu5 : 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu6 : 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu7 : 9.3%us, 3.7%sy, 0.0%ni, 83.7%id, 0.0%wa, 0.0%hi, 3.3%si, 0.0%st

 

 

 

That looks like you only have two workers (also referred to as firewall instances) and no SNDs, which does not seem right.
If you check via cpconfig and choose the CoreXL option, what does it say you have allocated?
On my VM with 4 cores, it says: CoreXL is currently enabled with 3 IPv4 firewall instances and 2 IPv6 firewall instances.

[Expert@gateway:0]# fw ctl affinity -l -r
CPU 0: eth0 eth2
CPU 1: fw_2
mpdaemon lpd rad in.acapd fwd cp_file_convertd pepd vpnd in.asessiond pdpd usrchkd cpd cprid
CPU 2: fw_1
mpdaemon lpd rad in.acapd fwd cp_file_convertd pepd vpnd in.asessiond pdpd usrchkd cpd cprid
CPU 3: fw_0
mpdaemon lpd rad in.acapd fwd cp_file_convertd pepd vpnd in.asessiond pdpd usrchkd cpd cprid
All:

Unless you know for absolute certain you need a different setting for optimal performance, I recommend starting with the default setting (6 firewall instances).

Thanks , Thats what i thought we are not utilizing all cores and I am looking to go down to 4 cores thats why I am studying this process. ... So the default or recommended will be 3 firewall workers?

I noticed that all of our VM does have a configured SND , its running for more than a year .. is it recommended to assign SNDs in a core?

What if we dont assign a processing core in a worker or SND? Does it means that will be use in other process?

The default is 3 Workers / 1 SND for a 4 core system.

As for assignment, the only thing you can directly control is the number of workers assigned.
If you have more than 8 cores in R80.30, you can optionally assign one core for management-related functions.
All other cores should be assigned to SND automatically.