JenniferYado
Contributor

Reduction in throughput (MB) when traffic passes through the firewall

Hi,

I have the following network where a certain amount of 150MB was contracted on the L2L link.
Servers > Switch > FW > L2L link > FW > Switch > Servers

We performed throughput tests and noticed that the total MB is reduced to 60MB when the traffic passes through the FWs:
Server > Switch > FW > L2L link > FW > Switch > Servers

We performed another test removing the FWs and noticed that the total 150MB is what we should have:
Server > Switch > L2L link > Switch > Servers

Therefore we conclude that the problem is in the FW since when the traffic passes through there we see a decrease in MB.
We have checked that the interfaces do not have problems at layer 1 level.

Any idea what's going on?

0 Kudos
11 Replies
the_rock
Legend
Legend

I would start with cpview and see if there is anything unusual there. If not, run ethtool -S and also see from ifconfig output what errors show. You can also see this from interface config in web UI, just click on advanced or monitoring in upper right (can't recall the exact wording now).

Andy

0 Kudos
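As an added example (not part of the original reply, and not Check Point code), one way to review the `ethtool -S` output suggested above is to filter it down to the error and drop counters that are non-zero. The function name, the keyword list and the sample counters are assumptions; real counter names vary by NIC driver, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: list non-zero error/drop counters from `ethtool -S <iface>` output.

# Reads `ethtool -S` style output on stdin ("     name: value" per line) and
# prints "name=value" for every counter whose name suggests an error or drop
# condition and whose value is greater than zero.
nonzero_error_counters() {
    awk -F': *' '
        NF == 2 {
            name = $1
            sub(/^[ \t]+/, "", name)        # strip leading indentation
            value = $2
            sub(/[ \t\r]+$/, "", value)     # strip trailing whitespace
            if (value ~ /^[0-9]+$/ && value + 0 > 0 &&
                tolower(name) ~ /err|drop|miss|discard|fifo|crc|collision|no_buffer/)
                print name "=" value
        }'
}

# Constructed sample resembling `ethtool -S` output (not taken from the thread).
sample_stats() {
cat <<'EOF'
NIC statistics:
     rx_packets: 918273645
     tx_packets: 817263544
     rx_errors: 0
     tx_errors: 0
     rx_dropped: 0
     rx_missed_errors: 48211
     rx_no_buffer_count: 1532
     rx_crc_errors: 0
     tx_dropped: 0
     rx_fifo_errors: 48211
EOF
}

# On a live gateway (interface name is a placeholder):
#   ethtool -S eth1 | nonzero_error_counters
sample_stats | nonzero_error_counters
```

Running the filter twice a few seconds apart during the throughput test shows whether a counter is still increasing or is only a historical value.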
JenniferYado
Contributor

We have reviewed everything you mentioned but everything is fine in this part

0 Kudos
Chris_Atkinson
Employee Employee
Employee

How is the test being performed - are multiple concurrent connections used?

Which appliance do you have and which version/JHF?

What security blades are enabled, do you observe high CPU?

CCSM R77/R80/ELITE
0 Kudos
JenniferYado
Contributor

It is a dedicated link. At the request of a third-party provider, they need the bandwidth to be 150 MB and to go through an encrypted channel.

This channel is only used for a synchronization of database servers. On the channel it goes like this:
Server -> SW -> FW -> L2L link -> FW -> SW -> Server

The problem is that when traffic goes through the VPN, throughput is significantly reduced. Better said, when it passes through the FW it decreases since tests were also carried out where they sent the traffic through another interface that does not use VPN and the traffic continues to decrease.

If they "remove the fw" by directly passing the traffic through the switch, something like this:
Server -> SW -> L2L link -> SW -> Server
It is seen that the throughput increases.

They have R81.20 JHF76 and it is a 7000 appliance 

It is not observed that the CPU is high.

0 Kudos
the_rock
Legend
Legend

I see the point Chris made...can you send us output of enabled_blades from the fw, like below?

Andy

[Expert@CP-GW:0]# enabled_blades
fw vpn cvpn urlf appi ips identityServer anti_bot content_awareness qos mon
[Expert@CP-GW:0]#

 

0 Kudos
JenniferYado
Contributor

I don't have access to the FWs. I only have the cpinfo for these, but it seems to me that with the following we can see which blades are activated:

 
 

blades activos.png

 

0 Kudos
PhoneBoy
Admin
Admin

How precisely is the traffic generated to test throughput?
What are the characteristics of this traffic? 
What does the physical connectivity look like?
What rule is the traffic matching on?
The more details you can provide, the more likely we're going to be able to help.

0 Kudos
AkosBakos
Leader Leader
Leader

Hi @JenniferYado 

And the third tip is the MTU. Typically the MTU is 1500 on the interfaces. Do you have the same setting?

A

----------------
\m/_(>_<)_\m/
JenniferYado
Contributor

Yes, I have the same setting 

0 Kudos
the_rock
Legend
Legend

Maybe worth mentioning, if VPN tunnels are involved, below also would be relevant.

Andy

https://support.checkpoint.com/results/sk/sk73980

0 Kudos
