Checkpoint Threshold Numbers

Thread: Checkpoint Threshold Numbers

  1. #1
    Junior Member
    Join Date
    Nov 2001
    Posts
    18

    Checkpoint Threshold Numbers

    I have read earlier posts that indicate there are some rather experienced CPfw-1 admins out there. I wonder if I might trouble you on a technical question? I'm looking at a SUN Ultra 10 with CPfw-1; what would be your suggestions on the warning threshold settings for: CPU, currently at 70% - Load, currently at 2/sec - Packets, currently at 16/sec - Errors, currently at 2/sec - Context, currently at 32/sec - Swap, currently at 2/sec - Interrupts, currently at 50/sec and Collisions, currently at 2/sec.

    I'm just trying to get an understanding of exactly what kind of load is on this box. Any help is certainly appreciated.

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    You should have posted this in the firewall forum.

    But anyway, I am not sure exactly what you are asking. If these are perf stats from your box, you might want to monitor the CPU usage. A snapshot of utilization on a server is not at all any kind of indicator of the server load. You really need to monitor these things over a period of time, perhaps one or two weeks.

    If you are still at 70% CPU, that is a bit high. I would recommend no more than a 60% avg utilization, but occasional spikes are nothing to worry about.

    Collisions are also not a good thing. Do you have your firewall connected to a hub or a switch?

    Also, this is not really a Checkpoint question at all, it is more of a sys admin question, but give some more detail, and I can try to help.

    BTW how big is your objects.C file and how big are your rulebases? Also, is management separate from the FW gateways?

  3. #3
    Junior Member
    Join Date
    Nov 2001
    Posts
    18
    iNViCTuS---
    YA I know, I realized what I was asking after I sent it. Anyway, the object.c file is at 136449 and the rulebase.fws file is 107712. I believe there is a router at both the public and private ends. My concern stems from Checkpoint indicating that this box has a maximum of 2000 users, wellllll..... we've reached that value. So from the console I started the performance meter and was quite alarmed by some of the numbers. The numbers I indicated above were the thresholds currently set on the box (default). With this box acting as a firewall I was wondering at what point I should become concerned, at what value should they be set. Here are the actual numbers: CPU @30%, Load @1, Packets @1300, Errors @0, Context @1700, Swap @0, Interrupts @1000, Collisions @10. These are visual averages during about an hour of our busiest time.
    Can you make anything out of these numbers? Again, your help is appreciated.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Well...if this information is accurate, then I would not say you have too much of a problem at this point. However, if you have 2000 users as you say, I can tell you that an Ultra10 is probably a bit small, especially if you are doing logging and management on that box.

    I would recommend going with a Nokia IP series appliance to run your FW gateway if you have the budget.

    But as the saying goes...if it ain't broke, don't fix it...
