Preformance Issue

[Coronabeer]

Hello,

I am having some internet preformance issue when I apply my smart defense and web intelligence polices.

I have a NGX60 with high aval 2 Nokia 350's.

Any clue?

[Coronabeer]

More info sorry..


When they are applied my internet becomes very sluggish. When I remove them, the connection is normal.

[chillyjim]

Aren't 350's kind of old?

Anyway there are several protections that really eat your CPU. They should warn you before you activate them. They also should tell you in the desriptions which ones are hogs.

[Coronabeer]

IP 350's ....

But my cpu sits at 7 - 10 % when the rules are applied. I dont beleive its CPU realted. Concurrent connections sit at around 727.

[northlandboy]

IP350s are getting on a bit, but they're still OK platforms, for that sort of number of connections.

SD/Web Intelligence covers a lot of things. Which ones are you turning on? Did you enable specific checks, or just turn on everything?

You're probably going to have to go through them slowly, enabling different checks, comparing performance.

Worm catcher can be intensive on CPU, not sure about the others.

May also pay to check HFA & IPSO versions.

[rayden69]

I have found this one to be a big help and generally the one that really slows down smart defense! this is SK31200 in the checkpoint knowledge portal!


In web security, put <HTTP Protocol Inspection> | <ASCI Only Response
Headers> to monitor only AND set the "protection Scope" to < Apply to
connections related to URI resources>.

SK31200
1. High CPU use caused by configuration applying to many
connections

Symptoms:

Traffic through the Security Gateway may be
connections>slower than expected, particularly HTTP traffic.

Traffic through VPNs may also run slower than expected.

Traffic performance increases and CPU use drops significantly, after setting SmartDefense HTTP Protocol Inspection to apply only to connections related to resources.