April 16th, 2002, 05:49 PM
Checkpoint Threshold Numbers
I have read earlier posts that indicate there are some rather experienced CPfw-1 admins out there. I wonder if I might trouble you on a technical question? I'm looking at a SUN Ultra 10 with CPfw-1, what would be your suggestions on the warning threshold settings for: CPU, currently at 70% - Load, currently at 2/sec - Packets, currently at 16/sec - Errors, currently at 2/sec - Context, currently at 32/sec - Swap, currently at 2/sec - Interrupts, currently at 50/sec and Collisions, currently at 2/sec.
I'm just trying to get an understanding of exactly what kind of load is on this box. Any help is certainly appreciated.
April 16th, 2002, 10:23 PM
You should have posted this in the firewall forum.
But anyway, I am not sure exactly what you are asking. If these are perf stats from your box, you might want to monitor the CPU usage. A snapshot of utilization on a server is not at all any kind of indicator of the server load. You really need to monitor these things over a period of time, perhaps one or two weeks.
If you are still at 70% CPU, that is a bit high. I would recommend no more than a 60% avg utilization, but occasional spikes are nothing to worry about.
Collisions are also not a good thing. Do you have your firewall connected to a hub or a switch?
Also, this is not really a Checkpoint question at all, it is more of a sys admin question, but give some more detail, and I can try to help.
BTW how big is your objects.C file and how big are your rulebases? Also, is management separate from the FW gateways?
April 17th, 2002, 05:29 PM
YA I know, I realized what I was asking after I sent it. Anyway, the object.c file is at 136449 and the rulebase.fws file is 107712. I believe there is a router at both the public and private ends. My concern stems from Checkpoint indicating that this box has a maximum of 2000 users, wellllll..... we've reached that value. So from the console I started the performance meter and was quite alarmed by some of the numbers. The numbers I indicated above were the thresholds currently set on the box (default). With this box acting as a firewall I was wondering at what point I should become concerned, at what value should they be set. Here are the actual numbers: CPU @30%, Load @1, Packets @1300, Errors @0, Context @1700, Swap @0, Interrupts @1000, Collisions @10. These are visual averages during about an hour of our busiest time.
Can you make anything out of these numbers? Again, your help is appreciated.
April 17th, 2002, 08:34 PM
Well...if this information is accurate, then I would not say you have too much of a problem at this point. However, if you have 2000 users as you say, I can tell you that an Ultra10 is probably a bit small, especially if you are doing logging and management on that box.
I would recommend going with a Nokia IP series appliance to run your FW gateway if you have the budget.
But as the saying goes...if it ain't broke, don't fix it...
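
Added example (not part of any post in this thread): a Python sketch that judges each metric on its average over a window rather than on a single reading, using the default thresholds from the first post. The sample readings are constructed so that their averages match the busy-hour figures in the third post; the function names are hypothetical, and it is an assumption that those figures are in the same units as the thresholds.

```python
from statistics import mean

# Default warning thresholds quoted in the first post (CPU in %, the rest per second).
DEFAULT_THRESHOLDS = {
    "cpu": 70, "load": 2, "packets": 16, "errors": 2,
    "context": 32, "swap": 2, "interrupts": 50, "collisions": 2,
}

# Constructed samples: invented readings whose averages match the busy-hour
# figures in the third post. Assumption: same units as the thresholds.
SAMPLES = {
    "cpu": [22, 25, 31, 78, 24, 26, 30, 28, 18, 18],   # mean 30, one spike
    "load": [1, 1, 1, 1],
    "packets": [1200, 1400, 1250, 1350],               # mean 1300
    "errors": [0, 0, 0, 0],
    "context": [1600, 1800, 1700, 1700],               # mean 1700
    "swap": [0, 0, 0, 0],
    "interrupts": [900, 1100, 1000, 1000],             # mean 1000
    "collisions": [8, 12, 10, 10],                     # mean 10
}


def classify(samples, threshold):
    """Judge a metric on its window average, not on any single reading."""
    if mean(samples) > threshold:
        return "sustained"      # the average itself is over the threshold
    if max(samples) > threshold:
        return "spike"          # occasional peaks only, average is below
    return "ok"


def review(samples_by_metric, thresholds):
    """Return {metric: (average, threshold, verdict)} for every metric."""
    return {
        name: (mean(vals), thresholds[name], classify(vals, thresholds[name]))
        for name, vals in samples_by_metric.items()
    }


if __name__ == "__main__":
    for name, (avg, limit, verdict) in review(SAMPLES, DEFAULT_THRESHOLDS).items():
        print(f"{name:<11} avg={avg:<8.1f} threshold={limit:<4} {verdict}")
```

With these inputs, packets, context, interrupts and collisions come out as sustained, meaning the default warnings for them would fire throughout the busy hour, while CPU shows only an isolated spike.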