Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Daljit_s
Participant

Checkpoint 6200 high cpu

Hi All, 

 

We have recently replaced the open server with the new CP appliance 6200p. After migration to the new gateways the CPU is high. throughput is also not that much high, Currently IPS, VPN and firewall blades are enabled.  I already have all the templates enabled for the acceleration.

As these gateways are having 4 core so is it make sense to move the firewalls from user to kernel mode? Will that improve the cpu performance? According to me user mode is required when the device has more than 36 cores but not sure why the CP is enabling it on all the appliances.

 

Regards

Daljit Singh

0 Kudos
8 Replies
_Val_
Admin
Admin

Setting it back to kernel mode will win you only a small percentage of CPU utilization, but it is definitely the first step in the optimization process I would recommend.

Daljit_s
Participant

Thanks, i will soon change the mode and will see for any difference.

But do you know why the checkpoint is enabling the user mode by default on the appliances having less cores?

0 Kudos
_Val_
Admin
Admin

Latest 3.10 based version have USFW enabled because of certain features depending on that, for example TLS 1.3 inspection support. Performance negative effect is negligible. Do not expect much. I would be surprised if it is more than a couple of percents on average. 

0 Kudos
Timothy_Hall
Legend Legend
Legend

What model was the open server?  What kind of CPUs and how many did it have?  It can be tricky trying to estimate performance when transitioning from an open server to Check Point appliances.  The 6200 has four cores, please provide the output of cat /proc/cpuinfo so we can see what kind of CPUs the 6200 is using.

I don't think switching back to kernel mode will buy you much, I'd suggest providing Super Seven command outputs for analysis first.  Also what version and Jumbo HFA level are you using?  It is likely that most of your traffic will be fully accelerated, and with the default 1/3 split only one CPU will be forced to handle all the load unless you are running a code version with Dynamic Split in use.

https://community.checkpoint.com/t5/Scripts/S7PAC-Super-Seven-Performance-Assessment-Commands/m-p/40...

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Daljit_s
Participant

I am using 80.40 with Take 120.

attached s7pac output.

0 Kudos
Timothy_Hall
Legend Legend
Legend

As Val said some features in later releases will require USFW so switching back to kernel mode will become less and less relevant, even on smaller boxes.  Your 6200 has only two physical CPUs with SMT enabled for 4 total cores/threads.

Your 6200 seems to be handling the load fine and there are no tuning adjustments required, plenty of headroom.  I suspect the higher CPU load on your 6200 is due to the CPU number and/or type differences between it and your prior open hardware.  What was the prior open hardware model and CPU type?  If it was some kind of Xeon which is common on Intel-based servers, that Xeon CPU is probably at least twice as fast per-core than the Pentium Gold G5400 in your 6200.  As long as a firewall's cores are not normally running north of 75% and topping out at 100% during the busiest periods you should be fine.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Maarten_Sjouw
Champion
Champion

The HP servers had 16 core on Intel(R) Xeon(R) CPU E5-2665 0 @ 2.40GHz CPU's

The 6200 has 4 cores on Intel(R) Pentium(R) Gold G5400 CPU @ 3.70GHz CPU

So there is quite a difference in total power. Every first couple of days of the month the throughput doubles due to people who need to register during the first couple of days of the month. Currently the average CPU load during the day is is between 50 and 60%

Regards, Maarten
0 Kudos
Maarten_Sjouw
Champion
Champion

@Timothy_Hall Daljit is one of my coworkers and I was able to gather this data quickly and add it here.

Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events