This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DmitriyDubovik
Contributor
‎2023-10-27 05:48 AM

tcpdump, fw monitor and fw ctl zdebug commands and performance impact

Good day 

We have highly loaded security gateways that currently need traffic analysis.

In this article https://community.checkpoint.com/t5/Security-Gateways/quot-fw-ctl-zdebug-quot-Helpful-Command-Combin... I came across information that the utility negatively affects on performance .

Please tell me how critically it can affect on performance, which of the systems (CPU, RAM, traffic) is loaded the most?

Is it possible to reduce resource consumption through parameters like specifying the interface that will be dump?

How much traffic can fw monitor and tcpdump also load?

Labels
0 Kudos
5 Replies
Alex-
MVP Silver
MVP Silver
‎2023-10-27 06:01 AM

Use cppcap instead of tcpdump.

Kernel debug will have an impact on your FW, especially if it's already loaded as you say. They have to be started and stopped properly.

It's best to consult first with TAC to review your situation.

(1)
DmitriyDubovik
Contributor
‎2023-10-27 06:06 AM
In response to Alex-

TAC give you an answer for multiple days, we can t wait so long. Problem is in thing, that documentation don t describe important things like how much impact of performance, in what situation we can it on, in what we cant and another things...

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-10-27 06:42 AM
In response to DmitriyDubovik

Can you please explain why you need tcpdump and fw monitor for traffic analysis ? Usually cpview gives you the needed look into secureXL state, see the following:

sk167553: Performance Investigation Procedure - How To

sk98348: Best Practices - Security Gateway Performance

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
DmitriyDubovik
Contributor
‎2023-10-27 06:47 AM
In response to G_W_Albrecht

unstable traffic in video conferences without any negative symptoms (packet drops in the smartlog, CPU overload, and etc) is a main problem

0 Kudos
DmitriyDubovik
Contributor
‎2023-10-27 06:11 AM
In response to Alex-

And the most interesting question is whether the load will change depending on the parameters that you set

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events