PBR on VSX

Adrian_Ardelea · ‎2024-09-10

Hi,

I have a VSX environment on R81.20 (4 VS). In one of the VS i need to install about 650 PBR rules. As PBR rules applies to the kernel, and we expect a great volume of traffic matching the rules, I need to know if my CPU/RAM are in danger of being exhausted, my box is 15600 2xCPU/32G RAM.

Currently I got an average or 16% CPU and 2%RAM for that VS.

Cheers!

PhoneBoy · ‎2024-09-10

I assume this will depend somewhat on the volume of traffic that hits those PBRs, not to mention the other blades active in the VS.

Lesley · ‎2024-09-10

There is no limit in the amount of rules stated in https://support.checkpoint.com/results/sk/sk167135

Under section 18.

Routes are put in /config/db/initial_db and gateway loads this into memory. PS do not edit this file on VSX it will break the firewall. I have never seen any issues with this amount of rules, should be OK. You can always keep an eye on memory and database size (if there is an issue saving takes to long or gives timeout).

Keep an eye also on https://support.checkpoint.com/results/sk/sk181317

-------
If you like this post please give a thumbs up(kudo)! 🙂

Chris_Atkinson · ‎2024-09-11

15600 can have a memory population of up to 64G RAM.

CCSM R77/R80/ELITE

Are you a member of CheckMates?

PBR on VSX