Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Tomer_Sole
Mentor
Mentor
Jump to solution

IPS Analyzer Tool - are you running it?

The IPS Analyzer Tool runs on your gateway for a short amount of time, and issues an HTML report of which individual IPS protections took the most CPU and RAM on the gateway during the runtime of the tool.

Supported Gateways are R77 and above.

For more information go to IPS Analyzer Tool - How to analyze IPS performance efficiently 

I wanted to use this thread to ask who is running it and what are your thoughts of it. 

Q: Why can't I run it from SmartConsole by default?

A: We plan to add that in one of our next releases.

(Don't mind the actual names of the protections in this screenshot, this image is not a result of a run on an actual gateway, it is a random generation of existing protection names, just to showcase the report's look and feel):

Smadi ParadiseOmer Shliva

2 Solutions

Accepted Solutions
_Val_
Admin
Admin

See above, the tool is discontinued.

View solution in original post

0 Kudos
L_Daniel
Employee Alumnus
Employee Alumnus

Hey Tomer & All 

 

I will like to share with you the following 2 SK that you can use in case you want to do Performance investigation & Protection Impact understanding . 

 

Solution 1: 

From version 81.10 , we have a better tool than the Analyzer, the tool was migrated on top of the HCP tool ( See SK171436 - HeathCheck Point HCP ) , once you install the HCP it will be possible to see the protections impact on the system in the final report under the Threat Prevention section. 

In order to see the Threat Prevention in the HCP report do the following :

  •  hcp --enable-product "Threat Prevention" 
  •  hcp -r all  

it is possible to open the hcp report from inside the smart console using the HCP extension add-on , see "SmartConsole Extension Installation" section from the HCP SK.   if you don't want to use the extension in the smart console , please copy and paste the report from the gateway to your windows environment explore it .   

Screen Shot 2022-12-11 at 14.48.18.png

 

 

 

Screen Shot 2022-12-11 at 14.51.04.png

 

 

 

Solution 2: 

See sk167553 -  "Performance Investigation Procedure - How To"  

The Threat Prevention team created this SK in order to support customers for most common performance investigations , it has almost everything the Threat Prevention team do while investigating system under load . 

 

Hope this answer give you answers for all your questions . 

 

 

 

 

View solution in original post

24 Replies
Smadi_Paradise
Employee Alumnus
Employee Alumnus

Thanks

0 Kudos
Gomboragchaa
Advisor

Thank you,

 It is a little bit complicated to get by an e-mail.

==============================================

For getting the latest version of Analyzer tool please contact:

IPS_Analyzer_Tool@checkpoint.com

==============================================

0 Kudos
Arne_Boettger
Collaborator

I tried to use it, but never got useful output.

First, I did not enjoy using it because with MDS and VSX, there are many steps to perform manually to get visible output.

And second, most of the time my IPS Analyzer output was empty. I am not sure if this was due to "IPS Bypass under load" or simply no relevant connections during my run.

So, third, I was missing a concise instruction like how long to run the capture to get useful output, wether it captures only new connections during the run or also existing connections.

Mircea_Mitroi
Explorer

Hey!

I tried to use it today for a customer and received twice some confusing, incomplete results...there were no protection names. Any idea?

Thx,

Mircea

0 Kudos
Stephan_Minkole
Explorer

Same here.

Any hints to resolve are appreciated.

0 Kudos
Omer_Shliva
Employee
Employee
0 Kudos
r1der
Advisor

Hello, is this tool available for R80.40 or is there something better? I tried to access the link but get an "Access Denied", even when logged in.

You do not have sufficient privileges for this resource or its parent to perform this action.

0 Kudos
Arne_Boettger
Collaborator

Hello,

I, also, wanted to use the IPS Analyzer to verify something in the lab. The SK shows "Access Denied" even tough I can find it an it is listed as "Access Level: Basic".

As @Tomer_Sole seems to be inactive, maybe @Omer_Shliva can give us an explanation?

Kind regards, Arne

0 Kudos
_Val_
Admin
Admin

Hi Arne, the tool is retired, and SK is not longer available. Mind, this post is 4 years old. 

0 Kudos
Marcel_Gramalla
Advisor

I found this tool quite helpful. Is there any new tool for analyzing performance of IPS and maybe even other Blades? Would be really cool to see something like FW is only taking 20% CPU Usage, but IPS adds another 10% and AV/AB 20% etc.. 

0 Kudos
Arne_Boettger
Collaborator

Hi Val,

thank you for the quick response. I found it implemented as "ips stats" and "ips pmstats" and will give it a try with R81.10.

Nonetheless it would be helpful to place this information in an SK article, because a search for "IPS Analyzer" lists sk110737, the popup help lists R81.10 as relevant, but the SK does not load with an error message.

Kind regards, Arne

0 Kudos
_Val_
Admin
Admin

What kind of search are you referring to, Google?

0 Kudos
Marcel_Gramalla
Advisor

Support Page actually displays this:

ips.PNG

0 Kudos
_Val_
Admin
Admin

Hmmm, might be a caching issue, thanks for reporting. I will pass it on to the Support Center ppl

0 Kudos
SarmChanatip
Participant

Hi Val,

I'm just curious if this tool shows the percentage of CPU utilization for each protection name in the report as well.

I've never used this tool before and would like to know how much CPU each IPS protection consumes. 

 

Regards,

Sarm

 

0 Kudos
_Val_
Admin
Admin

See above, the tool is discontinued.

0 Kudos
SarmChanatip
Participant

Hi Val,

I saw your comment about the tool being discontinued, and I am just wondering if the IPS analyzer tool provides information like the percentage of CPU used for each protection.  I'm looking for a way to track how much CPU utilization each IPS protection consumes. 

 

I'd really appreciate it if you could answer here.

 

Regards,

Sarm

0 Kudos
Timothy_Hall
Legend Legend
Legend

You may want to give the newer IPS Collector a try, but it is not clear whether it is supported beyond R81.10:

sk128432: IPS Collector: On demand troubleshooting tool for customers

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
_Val_
Admin
Admin

Asking about obsolete tool capabilities is rather pointless, don't you think?

Performance impact is showing for each protection as Low/Moderate/High, but converting it to a precise percentage is tricky because it all depends on the traffic. 

What are you trying to achieve, exactly?

0 Kudos
L_Daniel
Employee Alumnus
Employee Alumnus

Hey Tomer & All 

 

I will like to share with you the following 2 SK that you can use in case you want to do Performance investigation & Protection Impact understanding . 

 

Solution 1: 

From version 81.10 , we have a better tool than the Analyzer, the tool was migrated on top of the HCP tool ( See SK171436 - HeathCheck Point HCP ) , once you install the HCP it will be possible to see the protections impact on the system in the final report under the Threat Prevention section. 

In order to see the Threat Prevention in the HCP report do the following :

  •  hcp --enable-product "Threat Prevention" 
  •  hcp -r all  

it is possible to open the hcp report from inside the smart console using the HCP extension add-on , see "SmartConsole Extension Installation" section from the HCP SK.   if you don't want to use the extension in the smart console , please copy and paste the report from the gateway to your windows environment explore it .   

Screen Shot 2022-12-11 at 14.48.18.png

 

 

 

Screen Shot 2022-12-11 at 14.51.04.png

 

 

 

Solution 2: 

See sk167553 -  "Performance Investigation Procedure - How To"  

The Threat Prevention team created this SK in order to support customers for most common performance investigations , it has almost everything the Threat Prevention team do while investigating system under load . 

 

Hope this answer give you answers for all your questions . 

 

 

 

 

Timothy_Hall
Legend Legend
Legend

Thanks so much, this will be very helpful for a new offering I am currently working on.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
SarmChanatip
Participant

Hi L_Daniel

Thank you so much for sharing this, I will give it a try.

Regards,

Sarm

0 Kudos
svori
Collaborator
Collaborator

Hi,

Is it safe to run hcp along with TP enabled in production.

Will it have any impact on gateway operation ?

 

Thanks

0 Kudos
L_Daniel
Employee Alumnus
Employee Alumnus

Hello 

 

In general it is another process that will run few tests and close itself, during the runtime it might take few system resources  as any other task you run on the system.  

 

You can either run the hcp as following:

1) execute all HCP tests and get a full report :  hcp -r all     ( this command will take more system resources ) 

2) execute only Threat Prevention tests  and get TP report :   hcp -r "Threat Prevention"    (this command will take less resources that the previous one ) 

 

Hope i succeeded to help 🙂

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events