1: Forwarding and policy enforcement is performed by kernel process and have higher CPU priority than FWM user process. It mean that user process can get only free resources after kernel process and cannot affect regular traffic. 2: Policy verification is performed by GUI client and not buy security management. 3: Only pushing policy into enforcement can affect regular traffic because atomic load that can get several milliseconds but in most cases not affects because buffers used.
Fwm should use CPU in order perform the job faster. Alexey -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of Gary Scott Sent: 11 June, 2009 5:02 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] High load cpu by fwm process If you are stuck with a standalone appliance that they won't let you split the license so you can run the recommended distributed architecture than yes I will take 50% to avoid traffic lose on the gateway when installing a policy to its self. I am currently seeing this and hoping the first HF will help address this. -GS ________________________________ From: FW1 Mailinglist mottaker <fw1-maill...@gatesec.no> To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Sent: Thursday, June 11, 2009 1:59:23 AM Subject: Re: [FW-1] High load cpu by fwm process Would you rather prefer it used 50% CPU and took twice as long to compile and push the rulebase? Its quite common that when you tell a server to perform a job (preferrably as fast as possible), it will hog as much resources as it needs/can get to do so. As long as your CPU calms down after the policy is pushed I dont see any reason to be worried. Rgds, André -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of carlopmart Posted At: 10. juni 2009 21:48 Posted To: FireWall-1 mailinglist Conversation: [FW-1] High load cpu by fwm process Subject: Re: [FW-1] High load cpu by fwm process Normal?? Why normal?? I don't think that this is normal ... no almost on other management software ... Reinhard Stich wrote: > hi, > > as I see it this is normal. policy install also took high cpu in older > versions. > > br > reinhard > > At 19:29 10.06.2009, you wrote: >> Hi all, >> >> I have a security management R70 installed on a rel5.3 host. Every >> time that I install a policy on a security gateway, fwm uses more than >> 99% of the cpu. Somebody knows if this is a bug on R70?. Rhel5.3 host >> is a quad-core 2 GHz cpu. On the other side, 50% ram is free ... >> >> Thanks. >> >> -- >> CL Martinez >> carlopmart {at} gmail {d0t} com >> >> Scanned by Check Point Total Security Gateway. >> >> ================================================= >> To set vacation, Out-Of-Office, or away messages, >> send an email to lists...@amadeus.us.checkpoint.com >> in the BODY of the email add: >> set fw-1-mailinglist nomail >> ================================================= >> To unsubscribe from this mailing list, >> please see the instructions at >> http://www.checkpoint.com/services/mailing.html >> ================================================= >> If you have any questions on how to change your >> subscription options, email >> fw-1-ow...@ts.checkpoint.com >> ================================================= > -- CL Martinez carlopmart {at} gmail {d0t} com Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com =================================================
