Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
DmitriyDubovik
Contributor

tcpdump, fw monitor and fw ctl zdebug commands and performance impact

Good day 

We have highly loaded security gateways that currently need traffic analysis.

In this article https://community.checkpoint.com/t5/Security-Gateways/quot-fw-ctl-zdebug-quot-Helpful-Command-Combin... I came across information that the utility negatively affects on performance .

Please tell me how critically it can affect on performance, which of the systems (CPU, RAM, traffic) is loaded the most?

Is it possible to reduce resource consumption through parameters like specifying the interface that will be dump?

How much traffic can fw monitor and tcpdump also load?

0 Kudos
5 Replies
Alex-
Leader Leader
Leader

Use cppcap instead of tcpdump.

Kernel debug will have an impact on your FW, especially if it's already loaded as you say. They have to be started and stopped properly.

It's best to consult first with TAC to review your situation.

(1)
DmitriyDubovik
Contributor

TAC give you an answer for multiple days, we can t wait so long. Problem is in thing, that documentation don t describe important things like how much impact of performance, in what situation we can it on, in what we cant and another things...

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Can you please explain why you need tcpdump and fw monitor for traffic analysis ? Usually cpview gives you the needed look into secureXL state, see the following:

sk167553: Performance Investigation Procedure - How To

sk98348: Best Practices - Security Gateway Performance

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
DmitriyDubovik
Contributor

unstable traffic in video conferences without any negative symptoms (packet drops in the smartlog, CPU overload, and etc) is a main problem

0 Kudos
DmitriyDubovik
Contributor

And the most interesting question is whether the load will change depending on the parameters that you set

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events