CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Thread: High CPU, Strange alerts problem

  1. #1

    High CPU, Strange alerts problem

    Hi All,

    I have Check Point UTM 270 (Total Security) running in cluster - Active/Standby mode.

    I have a few issues, as follows:

    1. Smart monitor shows alerts - please see attached; both SRC and DST do not belong to my network.
    2. tcpdump does not show any of these IPs on any interface.
    3. During this time, high CPU usage is seen.
    4. Only 6 active connections/sec at this time.
    5. "top" in the CLI shows in.ahttpd uses the most.

    Can anybody please let me know what causes this problem and how to solve this?

    Thanks in advance.
    Attachment: Alerts.JPG

  2. #2

    Re: High CPU, Strange alerts problem

    Those alerts are generated by the URL filtering. It's odd that you claim neither the source nor the destination are on your network--I don't know how you would see those alerts then. Can you trigger legitimate alerts by surfing to those websites? Do those alerts have the correct source / destination?

    You could try disabling SmartDefense for the site & see if that improves performance. However, even with SMDF enabled you shouldn't have that poor of a performance if you only have 6 connections & minimal bandwidth utilization. If you want to keep it enabled, I would ask if you've updated SmartDefense recently?
    It's all in the documentation.
