Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Dynamic Balancing on systems with fewer than 8 cores

Heya,

I though I'd share this, so there will be no surprises for someone else when going down this route.

If you have appliance with fewer than 8 cores (e.g. 3600) and you follow sk164155 it will ask you to first enable GNAT and then enable dynamic balancing (from clish or expert mode).

Only that this is not the case.

When you enable GNAT, as soon as you reboot after that, balancing will be automagically enabled as well. 

This applies to R81 and possibly R80.40.

Don't say I did not warned you 😉

0 Kudos
6 Replies
rrbranco
Contributor

sk164155 "Dynamic Balancing for CoreXL"  mentions sk165153  "GNAT port allocation feature"  which has a note pointing to sk26202 "Changing the kernel global parameters for Check Point Security Gateway" 

 

is this the case / scenario ?

 

 

 

0 Kudos

sk165153 is not precise either because it does not mention that reboot is required and fwx_gnat_enabled cannot be set on the fly.

But yeah, that's the case. 

0 Kudos
PhoneBoy
Admin
Admin

@Chen_Muchtar can you confirm this is expected behavior?

0 Kudos
AmitShmuel
Employee
Employee

Hi,

 

As @rrbranco mentioned:

sk164155 "Dynamic Balancing for CoreXL" mentions that on models with fewer than 8 cores, a GNAT port allocation feature must be enabled, and refers to sk165153.

sk165153  "GNAT port allocation feature" mentions that "fwx_gnat_enabled" global parameter, disables / enables GNAT, and 
adds a note that this kernel parameter can be set only permanently per sk26202.

sk26202 "Changing the kernel global parameters for Check Point Security Gateway" has a section on the procedure for permanent Kernel global parameters customization per Operating System, which mentions that the Security Gateway must be rebooted after such change.

 

On R80.40, where Dynamic Balancing is not on by default, when trying to enable the feature, while GNAT is disabled, the following message will be prompted: "Dynamic Balancing is not supported on security gateways with GNAT disabled".
Once GNAT is enabled, and post the reboot, Dynamic Balancing will automatically start running.

On later version, where the feature is on by default, once GNAT is enabled, and post the reboot, it will simply start running.

As I said that sk is not precise as there are on the fly params that can be also set permanently.

I believe the automatic enablement of dynamic balancing in this case shall be documented .

0 Kudos
AmitShmuel
Employee
Employee

Right, but only permanently set params require reboot.

I've asked it to be documented 🙂