NGTP 5000 Performance

fatalXerror · ‎2019-02-12

Hi Guys,

I have 2x CP NGTP 5800 series firewall running in clusterXL as security gateway and I have a mid-range Smart-1 appliance as the manager.

Currently, based on the CPView output the security gateway is running around 2% CPU usage and around 40% memory usage. For the Smart-1, it is running also around 2% CPU usage and around 70% memory usage.

In addition, only firewall, IPSec VPN, ID awareness, and App&URL filtering blades are enabled.

Here are my questions.

1. Why in the output it shows that the total CPU cores are 8 but it seems that only 3 are used randomly.

2. I want to enable the other features (IPS, AV, Anti-bot, Anti-Spam, Content-Awareness, and SSL Inspection), I would like to seek opinion from you if I enable those blades does the 5800 can handle such processes?

Thank you very much.

PhoneBoy · ‎2019-02-12

It could be that the interfaces tied to those cores are getting more of the traffic.

Might be worth giving this a watch:

TechTalk: Security Gateway Performance Optimization with Tim Hall‌

Note that IPS, AV, Anti-Bot, and Content Awareness all use the same engines as App Control and URL Filtering so I wouldn't expect a huge change in performance.

Anti-spam is also fairly lightweight.

fatalXerror · ‎2019-02-12

Hi Dameon Welch-Abernathy‌,

How I can confirm if a specific interface is tied into a specific core?

Even if I enable SSL Inspection, the current performance will not be degraded?

Thanks

PhoneBoy · ‎2019-02-13

To check core/interface affinity: sim affinity -l

SSL Inspection will definitely impact performance/overall throughout.

Depending on your exact requirements and traffic patterns, it could be substantial (more than 50%).

Might be worth consulting with your local Check Point SE for a more precise answer.