CPUG: The Check Point User Group


Thread: High CPU, Strange alerts problem

  1. #1
    Join Date
    2008-02-22
    Posts
    23
    Rep Power
    0

    High CPU, Strange alerts problem

    Hi All,

    I have Check Point UTM 270 (Total Security) running in cluster - Active/Standby mode.

    I have a few issues as follows:

    1. Smart monitor shows alerts - Please see attached, both SRC and DST do not belong to my network.
    2. tcpdump does not show any of these IPs on any interface.
    3. During this time, high CPU usage is seen.
    4. Only 6 active connections/sec at this time.
    5. "top" in the CLI shows in.ahttpd uses the most.

    Can anybody please let me know what causes this problem and how to solve this?

    Thanks in advance.
    Attachment: Alerts.JPG

  2. #2
    Join Date
    2006-01-25
    Location
    Americas
    Posts
    1,535
    Rep Power
    15

    Re: High CPU, Strange alerts problem

    Those alerts are generated by the URL filtering. It's odd that you claim neither the source nor the destination are on your network--I don't know how you would see those alerts then. Can you trigger legitimate alerts by surfing to those websites? Do those alerts have the correct source / destination?

    You could try disabling smartdefense for the site & see if that improves performance. However, even with SMDF enabled you shouldn't have that poor of a performance if you only have 6 connections & minimal bandwidth utilization. If you want to keep it enabled, I would ask if you've updated smartdefense recently?
    It's all in the documentation.
