hardware -5600
i have both,  Management server and gateway

now i have very big problem , URL filtering doesn't work at all , and network is too slow

when i type this command  (cpview) See it  in screenshot, CPU's are always 100 % , but network  traffic is very small , about 70 MB .  I cannot find which  process loads CPU's   
CPview command

Need to see output of top command to determine if CPU load is kernel-based or process-based, and if it is process-based top will show which processes are consuming CPU.

However being in standalone mode with 16GB of RAM and only 4 cores, it will be difficult to get good performance.

I don't have big traffic . 

Please see screenshot . TOP shows me only this information

Now this screenshot is taken  in the  morning hours and it is not loaded yet, but in 10 o,clock it was 100 % and TOP  was same   

I need to see the entire screen of the top output, but it looks like you have HTTPS Inspection enabled due to the presence of the wstlsd process.  Probably not advisable to use that feature on a 5600 configured in standalone mode.  Also please provide output of enabled_blades command, my guess is you have most of the blades enabled.

Also are you sure this box is managed standalone and not with a separate SMS/MDS?  I don't think the typical management processes are showing up in your top output.

It was working normally 2 days ago. Nothing happened , i just made install policy and after that it began increasing CPU .  These are active blade . Now it is not work hours. 

hello.

i have enabled http/https proxy , see it in screenshot.


Could this function be the reason for processor load? And is it possible to see, how many process uses this particular function?
Support said us that  for testing, i should  disable this function , install new  proxy server in other machine  (linux) , move only this function to this server, (NOT Url filtering, Url filtering should stay in checkpoint ) and then test . 
    For this situation All trafic come to this proxy server and then go internet via checkpoint (Url filtering ) .   

 version is R80.30

I agree with TAC here, you should never enable the firewall as a HTTP/HTTPS Proxy like that as it will invoke Active Streaming in the CPASXL path in R80.20+.  This is a legacy feature that should not be necessary in today's world, and was singled out for some pretty harsh words in the third edition of my book:

Hello Timothy,

I just looked at some firewall (R80.20 and R80.30) using the wsdnsd process.

And although I have not activated HTTP / HTTPS proxy on any firewall, the process is still active.

If I can trust the output of CPWD_admin _list. 🙂

What else could have activated this process?

PS: Your book ist awsome!

As long as you are sure the firewall is not defined as a proxy I wouldn't worry about it, wsdnsd is probably just doing DNS lookups for something else such as Dynamic Objects.

I check this in my lab.

The wsdnsd process is activated as soon as you use an updateble object in the policy.

Maybe the sk97638 need a update.

Makes sense, thanks for the followup.