This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
usukhbayar_g
Participant
yesterday
Jump to solution

Check Point Online Web Service Response Time

Hello,

Currently, the Website Categorization mode is set to Background Mode, and I am planning to switch it to Hold Mode. Before making this change, I would like to measure the response time between the Security Gateway and the Check Point Online Web Service to assess the potential impact.

I understand that the Security Gateway maintains a cache and only queries the Online Web Service when a URL is not found locally. However, I want to ensure that the response time is within acceptable limits before implementing this change.

Could you advise on the best method to accurately measure this response time?

Best regards

0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend
Legend
yesterday
In response to usukhbayar_g
Jump to solution

I am suggesting to CHANGE it 🙂

I always found it works better with hold setting, specially if you use ssl inspection. Btw, background option is better to keep for threat prevention.

Andy

View solution in original post

11 Replies
the_rock
Legend
Legend
yesterday
Jump to solution

Hold Mode: In this mode, if a website's category isn't found in the local cache, the user's request is paused until the Check Point Online Web Service completes the categorization. This ensures that only categorized content is accessed but may introduce delays, especially if the service's response time is prolonged.

https://sc1.checkpoint.com/documents/R80.30/SmartConsole_OLH/EN/html_frameset.htm?topic=documents/R8...

Factors affecting the response time of the Check Point Online Web Service include network latency, current server load, and the efficiency of the service itself. To optimize performance, it's advisable to use the default Background Mode, which allows user requests to proceed while categorization occurs concurrently. Additionally, ensuring that the local cache is adequately sized and maintained can reduce the frequency of external queries, thereby improving overall response times.

If users experience significant delays or performance issues, reviewing these settings and monitoring network conditions can help identify and mitigate potential bottlenecks.

Andy

0 Kudos
usukhbayar_g
Participant
yesterday
In response to the_rock
Jump to solution

Thanks for fast response😀
Reason I want to change this is, as shown in below picture, prevent those DNS requests. If you suggesting not to change it, is there some alternative method to block this connections?Screenshot 2025-02-13 104723.pngScreenshot 2025-02-13 105723.png

0 Kudos
the_rock
Legend
Legend
yesterday
In response to usukhbayar_g
Jump to solution

I am suggesting to CHANGE it 🙂

I always found it works better with hold setting, specially if you use ssl inspection. Btw, background option is better to keep for threat prevention.

Andy

usukhbayar_g
Participant
yesterday
In response to the_rock
Jump to solution

Thank you

Is there any way to check response time between Security Gateway and Online Web Service? I pinged address (assumed cws.checkpoint.com used for this).

0 Kudos
the_rock
Legend
Legend
yesterday
In response to usukhbayar_g
Jump to solution

tracepath cws.checkpoint.com

tracepath updates.checkpoint.com

Just do it from expert mode.

Andy

the_rock
Legend
Legend
yesterday
In response to usukhbayar_g
Jump to solution

Example from my R82 lab, though it probably looks a bit different considering I was connected to 3rd party SASE provider.

Andy

[Expert@R82:0]# tracepath cws.checkpoint.com
1?: [LOCALHOST] pmtu 1500
1: 172.16.10.1 (172.16.10.1) 2.079ms
2: unassigned-209.3.46.173.net.blink.ca (173.46.3.209) 1.674ms
3: unallocated-static.rogers.com (72.142.86.37) 1.766ms
4: 209.148.225.138 (209.148.225.138) 2.382ms
5: 209.148.225.142 (209.148.225.142) 2.585ms
6: 24.156.145.130 (24.156.145.130) 3.543ms
7: 9044-cgw01.wlfdle.rmgt.net.rogers.com (209.148.230.45) 3.281ms
8: 9402-cgw01.bloor.rmgt.net.rogers.com (209.148.235.233) 4.100ms
9: 69.63.248.57 (69.63.248.57) 10.008ms
10: 209.148.230.134 (209.148.230.134) 20.874ms
11: no reply
12: ae35.r02.border101.ewr04.fab.netarch.akamai.com (23.203.154.47) 25.456ms
13: no reply
14: no reply
15: no reply
16: a23-209-72-17.deploy.static.akamaitechnologies.com (23.209.72.17) asymm 17 20.077ms reached
Resume: pmtu 1500 hops 16 back 17

0 Kudos
usukhbayar_g
Participant
yesterday
In response to the_rock
Jump to solution

I got continious no reply message with tracepath command (don't know why xD). Instead I used traceroute.

0 Kudos
the_rock
Legend
Legend
yesterday
In response to usukhbayar_g
Jump to solution

No sweat, just do below...either regular ping, or you can do many options with ping. I just used default packet size, 4096 bytes.

Andy

[Expert@R82:0]# ping -s 4096 updates.checkpoint.com
PING e17340.dscd.akamaiedge.net (23.199.50.18) 4096(4124) bytes of data.
4104 bytes from a23-199-50-18.deploy.static.akamaitechnologies.com (23.199.50.18): icmp_seq=1 ttl=48 time=20.2 ms
4104 bytes from a23-199-50-18.deploy.static.akamaitechnologies.com (23.199.50.18): icmp_seq=2 ttl=48 time=18.8 ms
4104 bytes from a23-199-50-18.deploy.static.akamaitechnologies.com (23.199.50.18): icmp_seq=3 ttl=48 time=18.9 ms
4104 bytes from a23-199-50-18.deploy.static.akamaitechnologies.com (23.199.50.18): icmp_seq=4 ttl=48 time=19.0 ms
4104 bytes from a23-199-50-18.deploy.static.akamaitechnologies.com (23.199.50.18): icmp_seq=5 ttl=48 time=18.9 ms
4104 bytes from a23-199-50-18.deploy.static.akamaitechnologies.com (23.199.50.18): icmp_seq=6 ttl=48 time=18.8 ms
4104 bytes from a23-199-50-18.deploy.static.akamaitechnologies.com (23.199.50.18): icmp_seq=7 ttl=48 time=18.9 ms
^C
--- e17340.dscd.akamaiedge.net ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6005ms
rtt min/avg/max/mdev = 18.821/19.109/20.205/0.485 ms
[Expert@R82:0]#

0 Kudos
usukhbayar_g
Participant
yesterday
In response to the_rock
Jump to solution

Got it, you mentioned background option is better to keep for threat prevention. Can you describe it little more?

 

0 Kudos
the_rock
Legend
Legend
yesterday
In response to usukhbayar_g
Jump to solution

I believe its in threat prevention admin guide. I will check in lab tomorrow.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events