Chris,

Unfortunately, you have been hit by a well-known "bug" in Checkpoint's http
security server of Websense - which has not been fixed in
4.0 X; it's rumored to be fixed in 4.1 SP2. Keep your fingers
crossed. There is a solution - use a Cacheflow engine or a Cisco WCCP
router with a caching engine which can call upon the Websense
server running on an NT box.

The Checkpoint security servers are consuming the CPU resources
since there is a bug in them when the number of user http connections
crosses 3500. If you turn off the Websense rule in your security
policy, you will notice immediately that CPU falls down, and
everything is hunky dory.

Hope this helps.


Date: Sat, 17 Jun 2000 21:36:25 -0400
From: Chris Labatt-Simon - D&D Consulting <[EMAIL PROTECTED]>
Subject: [FW1] fw process pegged/UFP Caching/URL Logging

Hi all -

We have a customer running dual Enterprise 250's, Checkpoint 2000
(Enterprise, Strong [using VPN]), Websense, a separate management station
and Stonebeat FullCluster.  The fw process on the machines pretty much
hovers around 75-85% of CPU utilization.  It has been suggested that we
implement Active Mode TCP Streaming, UFP Caching and Kernel URL Logging to
decrease the CPU utilization.  There are quite a few caveats to this
configuration, including:

- Activation of Active Mode TCP Streaming is "less secure" than Passive Mode
- UFP Caching has some issues of incorrectly caching some sites

Has anyone seen any issues, or have anything good to say, about configuring
FW1 in this manner?  We have a few concerns and want to know that it works
first.

Thanks!

Chris

-----------------------------------------------------------------
Chris Labatt-Simon                      E-MAIL: [EMAIL PROTECTED]
D & D Consulting, Ltd.                  WEB: http://www.dandd.com
Albany, New York                        PHONE: (518) 218-0900




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

