This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Authority
Authority
‎2022-01-20 02:59 AM

correction layer statistics

Please, can someone explain the correction layer statistics. In particular the "local asymmetric conns", are these common values?

[Expert@??????ch01-01-ch01-02:0]# asg_blade_stats corr
1_02:

Getting stats for SXL device 0, may take a few seconds...

Cluster Correction Stats (All Traffic):
------------------------------------------------------
Sent packets: 2058184627 (125824132 with metadata)
Sent bytes: 2,138,385,116,358
Received packets: 902271628 (148901403 with metadata)
Received bytes: 871,614,646,160
Send errors: 0
Receive errors: 0
Local asymmetric conns: 7656898 <- are this the current active asymmetric connection?
ICMP ERROR forwarded packets: 0
ICMP ERROR forwarded bytes: 0
VS Stateless forwarded packets: 1743
VS Stateless forwarded bytes: 586,780

We had problems with connections they are done hide NAT (everything is fine with only one gateway active)

 

0 Kudos
2 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-01-20 04:53 AM

Which distribution mode is used?

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Maestro_AdminGuide/Topics-Maestro-...

CCSM R77/R80/ELITE
0 Kudos
Jeffrey_Fogel
Employee Alumnus
Employee Alumnus
‎2022-01-21 12:09 PM

The corrections table is there because in many cases when traffic is NATed, the return packet will hit a different security gateway. This is expected and why we have the corrections layer. It keeps track of all connections which it knows will have return packets will not hit the same gateway in the security group. When the return packet arrives, it utilizes the corrections table to determine which gateway should process the packet. It is then seamlessly forwards over dedicated VLANS in the downlink cables to the correct gateway.

Your distribution mode will play a large part in what the size of this table will be based upon your traffic patterns. Regardless of table size, this correction process is extremely fast.  I can't say if that's a large or small number without more info, but I would imagine the value shown could be up to 100% of the total connections. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events