Luis_Miguel_Mig
Advisor

GNAT curiosity

I was looking at the new GNAT feature and considering it as something good to have but then I realized that it is not recommended if the number of core workers is less than 6.
I am just curious about what is the reason. 
In my environment I am running 3 core workers for example.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

3 Replies
PhoneBoy
Admin

It may be that when you don’t have enough cores to work with, there isn’t enough of a benefit of GNAT.
It’s a good question, though.

Luis_Miguel_Mig
Advisor

Well, in my case with 3 workers, I guess that I could *3 the pool size, which is quite good.
Perhaps there may be a negative performance impact more noticeable with fewer workers?

Timothy_Hall
Legend

The pooling of source ports for Hide NAT between the various worker cores will be statically assigned if there are fewer than 6 worker cores. In this case it is more likely for a certain worker core to run out of source ports if it happens to draw a large number of connections from the Dynamic Dispatcher that are Hide NATted behind the same outside IP address.

When there are 6 or more worker cores present, Hide NAT source port pooling is fully dynamic between all the worker cores.  This effect was mentioned in the second edition of my book (because it required a manual kernel tweak to enable dynamic allocation), but removed from the third edition once dynamic allocation became automatically enabled with 6+ worker cores defined.  See here: sk103656: Dynamic NAT port allocation feature

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
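
The static versus dynamic source-port pooling described in the reply above, as an added example that is not part of the thread and not Check Point's code. It is a simplified model: the pool size, the skewed dispatch pattern and all function names are constructed for illustration, and connections are treated as concurrent (ports are never released).

```python
from itertools import cycle, islice

POOL_SIZE = 48_000              # constructed: usable source ports behind one hide IP
PATTERN_SKEWED = (0, 0, 1, 2)   # constructed dispatch: worker 0 draws half the connections
PATTERN_EVEN = (0, 1, 2)        # constructed dispatch: perfectly even spread


def failed_allocations(workers, connections, dynamic, pattern):
    """Count concurrent connections that could not get a Hide NAT source port.

    static  (dynamic=False): the pool is split once into equal per-worker shares.
    dynamic (dynamic=True):  every worker draws from one shared pool.
    """
    if dynamic:
        free = {"shared": POOL_SIZE}
    else:
        free = {w: POOL_SIZE // workers for w in range(workers)}
    failed = 0
    for worker in islice(cycle(pattern), connections):
        key = "shared" if dynamic else worker
        if free[key] > 0:
            free[key] -= 1
        else:
            failed += 1         # this worker's share is exhausted
    return failed


def compare(workers=3, connections=36_000, pattern=PATTERN_SKEWED):
    """Run the same load against both allocation schemes."""
    return {
        "static": failed_allocations(workers, connections, False, pattern),
        "dynamic": failed_allocations(workers, connections, True, pattern),
    }


if __name__ == "__main__":
    # 36,000 connections use only 75% of the pool in total.
    print("skewed dispatch:", compare())
    print("even dispatch:  ", compare(pattern=PATTERN_EVEN))
```

With the skewed pattern, the static split drops connections on the busy worker while a quarter of the total pool is still unused; the shared pool drops none.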
