Hello Checkmate Team,
We suddenly see CPU utilization during the morning 5 AM to 8 AM time only.
The multiple fw_worker take high CPU but not impact the SND core utlization
Total Core : 8 core (2 SND and 6 fw_worker)
So we checked the TOP connection by referring CPVIEW utility output
As we get to know that a Auto Backup solution like Backup Server take more CPU because that Auto Backup is start working during the time of issue because during the time it’s take backup file from multiple of devices which connected or like integrated with Backup Server.
This issue we observed when this newly implemented BACKUP Solution is start working
Now find below about Solution :
First we need to know that the TOP connection is going to which path like Accelerated Path , medium Path or Slow Path
For this we run cpkstat Utility during the time of high CPU to know which path that go through.
Few Backup connections are triggered and all are in same Medium Path only (F2P)
Refer : sk103212 (Traffic analysis using the 'CPMonitor' tool) to known the high CPU utlization connection PATH.
The next Solution we planned to implemented that is to put that F2P connection to(SecureXL Fast Accelerator (fw fast_accel)) to reduce the CPU utilisation beacuse in the Fast Accelator no inspection is performed like trusted connections to allow bypassing deep packet inspection
Refer SK : sk156672
Now one query is come that why we put that connection without any Inspection ? :
Answer : We assured that the connection is legitimate and as its for the backup process only so no need Inspection on this.
If we add the top connections to the SecureXL Fast Accelerator is there going to be any impact on the 2 SND cores, because at the time of High CPU utilization observed the SND cores CPU utilization is around 40-50% ?
Answer : There is going to be no impact on the SNDs due to fastaccel, as there is no inspection for this affected traffic
if some particular connection is already accelerated then can we add those connections in SecureXL Fast Accelerator then is there any impact ?
Answer : No Impact
Hi Team Let me know if some point answer I updated on above is correct or anything wrong ?
My Plan of ACTION :
Base on sk156672 which I refer :
1. fw ctl fast_accel enable (Set feature state to on)
2. fw ctl fast_accel show_table (Display the rules configured by the user)
3. fw ctl fast_accel show_state (Display the current feature state)
4. fw ctl fast_accel add 1.1.1.1 2.2.2.0/24 80 6 (Example IP address and Port number with TCP or UDP protocol)
5. fw ctl fast_accel delete 192.168.0.0/16 any 8080 17 (Example IP address and Port number with TCP or UDP protocol
6. Verify using cpview utility :
So base on our issue I need to add the Backup Server IP address which basically the Destination IP address and also revert the traffic.
Like for example :
Backup Server IP address : x.x.x.x/24
Backup Server Listing PORT : TCP 1667
Command :
fw ctl fast_accel add x.x.x.x/24 1667 6
Kindly suggested that above command is correct or not OR also can I need to add the source IP address also OR source and destination IP address are must be included base on the SK ?
Also I plan to added in only Active gateway for testing so incase if any urganet I will fail-over the gateway so kindly update that is this possible that we can use for Active gateway if we using Cluster then
Also Suggest Any Alternative to resolved the High CPU utlization issue .
Regards
Hi @AaronCP
Thank you for the update.
Yes I agree that in the sk below details also mention and subnet is optional but if someone implemente without source beacuse in our case source is multiple.
Okay but will add both source and destination and check the result of utlization.
Regards
Hi @AaronCP and @Sorin_Gogean Thankyou very much for the suggestion
As per TAC suggestion and Answer of our query :
If we add the top connections to the SecureXL Fast Accelerator is there going to be any impact on the 2 SND cores, because at the time of High CPU utilization observed the SND cores CPU utilization is around 40-50% ?
Answer : There is going to be no impact on the SNDs due to fastaccel, as there is no inspection for this affected traffic
So as per my Plane of action also the same BUT Now we face the high CPU utilization in SND core because as we added the high CPU utilization connection into the SecureXL Fast Accelerator.
Now instead of CoreXL_FW now CoreXL_SND take high CPU so to overcome the issue we prepare a next POA :
| User | Count |
|---|---|
| 18 | |
| 17 | |
| 15 | |
| 7 | |
| 6 | |
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 4 |
Tue 05 Nov 2024 @ 10:00 AM (CET)
EMEA CM LIVE: 30 Years for the CISSP certification - why it is still on topTue 05 Nov 2024 @ 05:00 PM (CET)
Americas CM LIVE: - 30 Years for the CISSP certification - why it is still on topThu 07 Nov 2024 @ 05:00 PM (CET)
What's New in CloudGuard - Priorities, Trends and Roadmap InnovationsTue 05 Nov 2024 @ 10:00 AM (CET)
EMEA CM LIVE: 30 Years for the CISSP certification - why it is still on topTue 05 Nov 2024 @ 05:00 PM (CET)
Americas CM LIVE: - 30 Years for the CISSP certification - why it is still on topTue 12 Nov 2024 @ 03:00 PM (AEDT)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (APAC)Tue 12 Nov 2024 @ 10:00 AM (CET)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (EMEA)Tue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 02:00 PM (MST)
Denver South: Infinity External Risk Management and Harmony SaaS
