- Products
- Learn
- Local User Groups
- Partners
- More
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
Join our TechTalk: Malware 2021 to Present Day
Building a Preventative Cyber Program
Be a CloudMate!
Check out our cloud security exclusive space!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi,
How can we calculate IPS and Antibot throughput on production firewall.
Thank you...
I'm assuming you have a firewall already in production, and you want to know how much IPS and Anti-bot is potentially slowing down traffic or increasing CPU load. There is not an easy way to directly measure this, however what you can do is execute the following steps to determine what kind of impact these blades are having as currently configured:
1) During the firewall's busiest period measure current CPU load with cpview/sar/mpstat/top/cpstat/etc.
2) Disable IPS on the fly with the ips off command on the gateway, wait 30 seconds
3) Measure current CPU load with cpview/sar/mpstat/top/cpstat/etc.
4) Disable all Threat Prevention (which includes Anti-bot) on the fly with the fw amw unload command on the gateway, wait 30 seconds
5) Measure current CPU load with cpview/sar/mpstat/top/cpstat/etc.
6) Reinstall Access and TP policy to the gateway immediately
Compare your CPU measurements throughout the process and you should be able to deduce what kind of overhead is being incurred by these blades. They can frequently be tuned to substantially reduce performance impact...
--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon
I'm assuming you have a firewall already in production, and you want to know how much IPS and Anti-bot is potentially slowing down traffic or increasing CPU load. There is not an easy way to directly measure this, however what you can do is execute the following steps to determine what kind of impact these blades are having as currently configured:
1) During the firewall's busiest period measure current CPU load with cpview/sar/mpstat/top/cpstat/etc.
2) Disable IPS on the fly with the ips off command on the gateway, wait 30 seconds
3) Measure current CPU load with cpview/sar/mpstat/top/cpstat/etc.
4) Disable all Threat Prevention (which includes Anti-bot) on the fly with the fw amw unload command on the gateway, wait 30 seconds
5) Measure current CPU load with cpview/sar/mpstat/top/cpstat/etc.
6) Reinstall Access and TP policy to the gateway immediately
Compare your CPU measurements throughout the process and you should be able to deduce what kind of overhead is being incurred by these blades. They can frequently be tuned to substantially reduce performance impact...
--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY