This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hllrdm
Contributor
‎2022-03-14 06:28 AM
Jump to solution

RAD's high utilization

Hello.

We at the Security Gateway have found that our RAD process loads the CPU heavily.
Is there any debugging of this process to understand why it loads the CPU?
Maybe we can look at the buffer?

0 Kudos
2 Solutions

Accepted Solutions
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-03-14 06:58 AM
In response to Hllrdm
Jump to solution

Source sk163793 but as above if it's really high please review the other reference SK  provided. Might require anti-malware cache tuning etc.

If the issue persists there after please contact TAC.

CCSM R77/R80/ELITE

View solution in original post

Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-03-22 03:34 AM
In response to Hllrdm
Jump to solution

 

What is the actual problem (user symptom) that you're trying to troubleshoot and is TAC engaged?

1.) Manage & Settings > Blades > Application Control & URL Filtering > Check Point online web service > Website categorization mode: Hold / Background / Custom.

2.) Manage & Settings > Blades > Threat Prevention > Check Point Online Web Service > Resource classification mode: Hold / Background / Custom.

CCSM R77/R80/ELITE

View solution in original post

10 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-03-14 06:49 AM
Jump to solution

From R80.40 RAD is multi-threaded, you will see more RAD processes, and CPU can exceed 100%. Within reason this is a usual behavior.

If you're seeing excessive numbers (500%) see sk167553 section 4.7.4

CCSM R77/R80/ELITE
Hllrdm
Contributor
‎2022-03-14 06:52 AM
In response to Chris_Atkinson
Jump to solution

Is there any confirmation in sk or additional documentation that says this is expected behavior?

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-03-14 06:58 AM
In response to Hllrdm
Jump to solution

Source sk163793 but as above if it's really high please review the other reference SK  provided. Might require anti-malware cache tuning etc.

If the issue persists there after please contact TAC.

CCSM R77/R80/ELITE
Hllrdm
Contributor
‎2022-03-14 07:13 AM
In response to Chris_Atkinson
Jump to solution

Thank you. Could you please tell us how we can view the buffer of this process. We have a suspicion that our buffer is full, because the mode is hold

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-03-14 07:29 AM
In response to Hllrdm
Jump to solution

For the various services leveraging RAD please see the commands in sk105179 (AV/AB) & sk64280 / sk90422 (URLF).

 

CCSM R77/R80/ELITE
0 Kudos
Hllrdm
Contributor
‎2022-03-15 12:11 AM
In response to Chris_Atkinson
Jump to solution

Unfortunately, I could not find a command to check the buffer for the RAD service. Have you come across such a need?

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-03-15 12:46 AM
In response to Hllrdm
Jump to solution

See sk90422 - How to modify URL Filtering cache size?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-03-15 02:14 AM
In response to Hllrdm
Jump to solution

The knowledge base article IDs I provided include these commands.

Please explain what you are attempting to check more clearly?

 

 

CCSM R77/R80/ELITE
0 Kudos
Hllrdm
Contributor
‎2022-03-21 12:11 AM
In response to Chris_Atkinson
Jump to solution

Can you tell me how to remove the hold action for entries in the RAD process? Our records also have a hold action.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-03-22 03:34 AM
In response to Hllrdm
Jump to solution

 

What is the actual problem (user symptom) that you're trying to troubleshoot and is TAC engaged?

1.) Manage & Settings > Blades > Application Control & URL Filtering > Check Point online web service > Website categorization mode: Hold / Background / Custom.

2.) Manage & Settings > Blades > Threat Prevention > Check Point Online Web Service > Resource classification mode: Hold / Background / Custom.

CCSM R77/R80/ELITE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events