This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daljit_s
Participant
‎2021-10-27 01:25 AM

Checkpoint 6200 high cpu

Hi All, 

 

We have recently replaced the open server with the new CP appliance 6200p. After migration to the new gateways the CPU is high. throughput is also not that much high, Currently IPS, VPN and firewall blades are enabled.  I already have all the templates enabled for the acceleration.

As these gateways are having 4 core so is it make sense to move the firewalls from user to kernel mode? Will that improve the cpu performance? According to me user mode is required when the device has more than 36 cores but not sure why the CP is enabling it on all the appliances.

 

Regards

Daljit Singh

0 Kudos
8 Replies
_Val_
Admin
Admin
‎2021-10-27 01:30 AM

Setting it back to kernel mode will win you only a small percentage of CPU utilization, but it is definitely the first step in the optimization process I would recommend.

Daljit_s
Participant
‎2021-10-27 05:39 AM
In response to _Val_

Thanks, i will soon change the mode and will see for any difference.

But do you know why the checkpoint is enabling the user mode by default on the appliances having less cores?

0 Kudos
_Val_
Admin
Admin
‎2021-10-27 07:16 AM
In response to Daljit_s

Latest 3.10 based version have USFW enabled because of certain features depending on that, for example TLS 1.3 inspection support. Performance negative effect is negligible. Do not expect much. I would be surprised if it is more than a couple of percents on average. 

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2021-10-27 05:41 AM

What model was the open server?  What kind of CPUs and how many did it have?  It can be tricky trying to estimate performance when transitioning from an open server to Check Point appliances.  The 6200 has four cores, please provide the output of cat /proc/cpuinfo so we can see what kind of CPUs the 6200 is using.

I don't think switching back to kernel mode will buy you much, I'd suggest providing Super Seven command outputs for analysis first.  Also what version and Jumbo HFA level are you using?  It is likely that most of your traffic will be fully accelerated, and with the default 1/3 split only one CPU will be forced to handle all the load unless you are running a code version with Dynamic Split in use.

https://community.checkpoint.com/t5/Scripts/S7PAC-Super-Seven-Performance-Assessment-Commands/m-p/40...

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
0 Kudos
Daljit_s
Participant
‎2021-10-27 07:09 AM
In response to Timothy_Hall

I am using 80.40 with Take 120.

attached s7pac output.

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2021-10-27 07:31 AM
In response to Daljit_s

As Val said some features in later releases will require USFW so switching back to kernel mode will become less and less relevant, even on smaller boxes.  Your 6200 has only two physical CPUs with SMT enabled for 4 total cores/threads.

Your 6200 seems to be handling the load fine and there are no tuning adjustments required, plenty of headroom.  I suspect the higher CPU load on your 6200 is due to the CPU number and/or type differences between it and your prior open hardware.  What was the prior open hardware model and CPU type?  If it was some kind of Xeon which is common on Intel-based servers, that Xeon CPU is probably at least twice as fast per-core than the Pentium Gold G5400 in your 6200.  As long as a firewall's cores are not normally running north of 75% and topping out at 100% during the busiest periods you should be fine.

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
Maarten_Sjouw
Champion
Champion
‎2021-10-28 03:48 AM
In response to Timothy_Hall

The HP servers had 16 core on Intel(R) Xeon(R) CPU E5-2665 0 @ 2.40GHz CPU's

The 6200 has 4 cores on Intel(R) Pentium(R) Gold G5400 CPU @ 3.70GHz CPU

So there is quite a difference in total power. Every first couple of days of the month the throughput doubles due to people who need to register during the first couple of days of the month. Currently the average CPU load during the day is is between 50 and 60%

Regards, Maarten
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2021-10-28 03:25 PM
In response to Timothy_Hall

@Timothy_Hall Daljit is one of my coworkers and I was able to gather this data quickly and add it here.

Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top