Hi @ChungNguyen
It is normal for a user mode firewall (previously there was only a kernel mode firewall without this process) that the process fwk1_dev_0 has a high CPU load, even over 100%. My guess as to the purpose of fwk1_dev_0 is that it acts as the liaison between the multiple fwk firewall worker processes (the fw instance threads that take care of the packet processing), the single fwmod kernel driver instance, and the process for the high priority cluster thread.
$$\text{fwk1\_dev\_0} = \sum_{x=0}^{\text{max\_CoreXL\_number}} \text{fwk0\_x} + \sum_{x=0}^{\text{max\_CoreXL\_number}} \text{fwk0\_dev\_x} + \text{fwk0\_kissd} + \text{fwk0\_hp}$$
Read more here: R80.x - Performance Tuning Tip – User Mode Firewall vs. Kernel Mode Firewall
Here is what I would do:
1) Enable AES-NI in the BIOS on an open server (it should already be enabled on CP appliances).
More here: R8x - Performance Tuning Tip - AES-NI, R8x - Performance Tuning Tip - BIOS
2) Use one of the following VPN encryption algorithms: AES-128 or AES-256. They are directly supported by AES-NI in the processor.
The SHA256 or SHA384 settings are not important because they are only used for a short time when negotiating the VPN (vpnd daemon).
3) If you have an elephant flow, it becomes difficult. In this case, I would check that priority queuing is enabled so that the remaining connections are distributed more fairly.
Read more here: R8x - Performance Tuning Tip - Elephant Flows (Heavy Connections).
4) With R80.30 you should also check whether a 2.6 kernel or a 3.10 kernel is installed. The 3.10 kernel works much more efficiently.
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
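
A way to verify steps 1 and 4 of the post above from the gateway's shell, as an added example that is not part of the original post or Check Point's own tooling. It assumes a Linux-based system where `/proc/cpuinfo` and `uname` are available; the function names `has_aesni`, `kernel_branch` and `report` are hypothetical.

```shell
#!/bin/sh
# Added example: host-side checks for step 1 (AES-NI) and step 4 (kernel).
# Assumption: Linux-style /proc/cpuinfo with one "flags" line per logical CPU.

# has_aesni FILE: succeed only if every "flags" line in a cpuinfo-format
# file carries the standalone "aes" flag. When AES-NI is switched off in
# the BIOS, the flag is absent even though the CPU model supports it.
has_aesni() {
    awk -F: '
        /^flags/ { n++; if ((" " $2 " ") ~ / aes /) ok++ }
        END      { exit !(n > 0 && ok == n) }
    ' "$1"
}

# kernel_branch RELEASE: map a `uname -r` string to the two kernel
# branches named in the post ("2.6" or "3.10"), or "other".
kernel_branch() {
    case "$1" in
        3.10.*) echo "3.10" ;;
        2.6.*)  echo "2.6" ;;
        *)      echo "other" ;;
    esac
}

# report FILE RELEASE: print one line per check.
report() {
    if has_aesni "$1"; then
        echo "AES-NI: flag present on all CPUs"
    else
        echo "AES-NI: flag not visible, check the BIOS setting (step 1)"
    fi
    case "$(kernel_branch "$2")" in
        3.10) echo "Kernel: 3.10 branch" ;;
        2.6)  echo "Kernel: 2.6 branch (step 4 suggests 3.10)" ;;
        *)    echo "Kernel: $2 (neither branch named in the post)" ;;
    esac
}

# Run against the live system when the file is readable.
if [ -r /proc/cpuinfo ]; then
    report /proc/cpuinfo "$(uname -r)"
fi
```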