While working with R80.40 in preparation for a CCTA class and transferring some large files to and from the gateway itself, I noticed some odd behavior with WinSCP. The transfer would start out speedily enough then slowly degrade down to only a few hundred Kbytes/sec through about 70% completion, then suddenly finish up the last 30% in a few seconds. I tried a cpstop thinking somehow the gateway's USFW-based inspection was slowing the transfer down between the o and O inspection points, but doing so had no effect on the issue.
But after sipping some bourbon I started remembering seeing something like this before...when Check Point migrated SecurePlatform from the 2.4 kernel to the 2.6.18 kernel way back when. After consulting my notes, I determined that the solution back then was to disable a Connection setting in WinSCP called "Optimize Connection Buffer Size". Could it be that simple? Yep it is:
sk163940: SCP/SFTP file transfer is very slow after upgrade of SSH
Once again this only manifests itself when transferring large files to and from the gateway itself with SCP, this does not happen with WinSCP transfers that are just transiting the gateway. Apparently this is due to an upgraded gateway version of SSHD that does not care one bit for WinSCP's buffer size optimization strategy; not sure but I suspect this SSHD version upgrade is related to the new Gaia 3.10 kernel that is now mandatory in R80.40.
Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com