This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Luis_Miguel_Mig
Advisor
‎2021-03-01 06:01 AM

GNAT curiosity

I was looking at the new GNAT feature and considering it as something good to have but then I realized that it is not recommended if the number of core workers is less than 6.
I am just curious about what is the reason. 
In my environment I am running 3 core workers for example.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2021-03-01 08:57 AM

It may be that when you don’t have enough cores to work with, there isn’t enough of a benefit of GNAT.
It’s a good question, though.

0 Kudos
Luis_Miguel_Mig
Advisor
‎2021-03-01 09:20 AM
In response to PhoneBoy

Well in my case with 3 workers I guess that I could *3 the pool size which is quite good.
Perhaps there may be a negative performance impact more noticeable with less workers ?

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2021-03-01 11:48 AM

The pooling of source ports for Hide NAT between the various worker cores will be statically assigned if there are less than 6 worker cores.  In this case it is more likely for a certain worker core to run out of source ports if it happens to draw a large number of connections from the Dynamic Dispatcher that are Hide NATted behind the same outside IP address.  

When there are 6 or more worker cores present, Hide NAT source port pooling is fully dynamic between all the worker cores.  This effect was mentioned in the second edition of my book (because it required a manual kernel tweak to enable dynamic allocation), but removed from the third edition once dynamic allocation became automatically enabled with 6+ worker cores defined.  See here: sk103656: Dynamic NAT port allocation feature

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top