
My company's Check Point firewall, which serves about 150 clients/servers, is experiencing load problems and saturates all CPU resources, which brings the web interface down and makes it impossible to inspect or check the monitoring features. This is largely caused by huge downloads or peaks from Windows updates on the clients; in fact, it happens on Monday mornings and when users are downloading packets at high capacity. Our supplier is unable to give us a solution, apart from proposing to replace the firewall with a more powerful one. Do you believe there is really no technique to avoid this saturation? We already tried some QoS policies, but the problem still appears. I'd like to know how to protect the firewall from this saturation, apart from disabling packet inspection. Thanks

SYS64738
  • I would think that you selected the wrong device for your business, IMHO. You may also disallow whatever big downloads are for you – djdomi Jul 13 '23 at 17:43
  • Additional DB information request, please. OS, Version? RAM size, # cores, any SSD or NVME devices on MySQL Host server? Post TEXT data on justpaste.it and share the links. From your SSH login root, Text results of: A) SELECT COUNT(*), sum(data_length), sum(index_length), sum(data_free) FROM information_schema.tables; B) SHOW GLOBAL STATUS; after minimum 24 hours UPTIME C) SHOW GLOBAL VARIABLES; D) SHOW FULL PROCESSLIST; E) STATUS; not SHOW STATUS, just STATUS; G) SHOW ENGINE INNODB STATUS; for server workload tuning analysis to provide suggestions. – Wilson Hauck Jul 13 '23 at 22:28
  • Post TEXT data on justpaste.it and share the links. Additional very helpful OS information includes - please, htop 1st page, if available, TERMINATE, top -b -n 1 for most active apps, top -b -n 1 -H for details on your mysql threads memory and cpu usage, ulimit -a for list of limits, iostat -xm 5 3 for IOPS by device & core/cpu count, df -h for Used - Free space by device, df -i for inode info by device, free -h for Used - Free Mem: and Swap:, cat /proc/meminfo includes VmallocUsed, for server workload tuning analysis to provide suggestions. – Wilson Hauck Jul 13 '23 at 22:28
  • When you're running out of resources the conclusion of an incorrectly sized appliance is quite reasonable. - Of course you take mitigating measures, such as disallowing direct web access and deploying a caching web proxy and, rather than allowing Windows clients to download updates directly from Microsoft, use something on-premise such as WSUS for distributing updates, but although that may change your usage patterns somewhat, your appliance is probably still undersized. – HBruijn Jul 14 '23 at 07:43
  • @WilsonHauck - in general the recommendation is for users to ***edit their question*** to add new and relevant information and details, rather than posting useful details on external sites where the content may expire – HBruijn Jul 14 '23 at 07:48
  • @HBruijn And what is your limit for storage in the Question? That is why external storage is requested. – Wilson Hauck Jul 14 '23 at 12:30
  • @WilsonHauck A quick search shows an upper limit of 30.000 characters in a question and/or answer, which should be enough to add the details you requested as inline text. source: https://meta.stackexchange.com/a/176447/282031 - To get an idea of how long a post must be to reach 30.000 characters see [this answer](https://serverfault.com/a/49836/37681) for a good example – HBruijn Jul 14 '23 at 12:48
  • @HBruijn Depending on version of software, results requested could easily exceed your upper limit of 30,000 characters for more than one of our requests. – Wilson Hauck Jul 14 '23 at 13:07

0 Answers