This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Nikhil_Patil
Participant
‎2017-11-29 04:54 AM

How to calculate IPS and Antibot throghput

Jump to solution

Hi,

How can we calculate IPS and Antibot throughput on production firewall.

Thank you...

0 Kudos
Reply
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion
‎2017-11-29 06:30 AM

Jump to solution

I'm assuming you have a firewall already in production, and you want to know how much IPS and Anti-bot is potentially slowing down traffic or increasing CPU load.  There is not an easy way to directly measure this, however what you can do is execute the following steps to determine what kind of impact these blades are having as currently configured:

1) During the firewall's busiest period measure current CPU load with cpview/sar/mpstat/top/cpstat/etc.

2) Disable IPS on the fly with the ips off command on the gateway, wait 30 seconds

3) Measure current CPU load with cpview/sar/mpstat/top/cpstat/etc.

4) Disable all Threat Prevention (which includes Anti-bot) on the fly with the fw amw unload command on the gateway, wait 30 seconds

5) Measure current CPU load with cpview/sar/mpstat/top/cpstat/etc.

6) Reinstall Access and TP policy to the gateway immediately

Compare your CPU measurements throughout the process and you should be able to deduce what kind of overhead is being incurred by these blades.  They can frequently be tuned to substantially reduce performance impact...

--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

Reply
1 Reply
Timothy_Hall
Champion
Champion
‎2017-11-29 06:30 AM

Jump to solution

I'm assuming you have a firewall already in production, and you want to know how much IPS and Anti-bot is potentially slowing down traffic or increasing CPU load.  There is not an easy way to directly measure this, however what you can do is execute the following steps to determine what kind of impact these blades are having as currently configured:

1) During the firewall's busiest period measure current CPU load with cpview/sar/mpstat/top/cpstat/etc.

2) Disable IPS on the fly with the ips off command on the gateway, wait 30 seconds

3) Measure current CPU load with cpview/sar/mpstat/top/cpstat/etc.

4) Disable all Threat Prevention (which includes Anti-bot) on the fly with the fw amw unload command on the gateway, wait 30 seconds

5) Measure current CPU load with cpview/sar/mpstat/top/cpstat/etc.

6) Reinstall Access and TP policy to the gateway immediately

Compare your CPU measurements throughout the process and you should be able to deduce what kind of overhead is being incurred by these blades.  They can frequently be tuned to substantially reduce performance impact...

--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

Reply