Difference between revisions of "Performance Tuning"
(5 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
'''[[Check Point#Gaia|Back to Gaia]]''' | '''[[Check Point#Gaia|Back to Gaia]]''' | ||
− | Set these on FWDIR/boot/modules/fwkern.conf | + | Set these on $FWDIR/boot/modules/fwkern.conf |
fwmultik_input_queue_len=4096 | fwmultik_input_queue_len=4096 | ||
fwkern_optimize_drops_support=1 | fwkern_optimize_drops_support=1 | ||
Line 10: | Line 10: | ||
cphwd_nat_templates_support=1 | cphwd_nat_templates_support=1 | ||
cphwd_nat_templates_enabled=1 | cphwd_nat_templates_enabled=1 | ||
+ | |||
+ | On clish: | ||
+ | set interface eth0 rx-ringsize 2048 | ||
In SmartDashboard, open Security Gateway object and Go to 'Optimizations' pane. The 'Calculate the maximum limit for concurrent connections' should be set to 'Automatically', or put 150k (the default 50k is too tight) | In SmartDashboard, open Security Gateway object and Go to 'Optimizations' pane. The 'Calculate the maximum limit for concurrent connections' should be set to 'Automatically', or put 150k (the default 50k is too tight) | ||
− | |||
Ensure CoreXL is enabled in cpconfig, and SecureXL (using 'fwaccel stat') | Ensure CoreXL is enabled in cpconfig, and SecureXL (using 'fwaccel stat') | ||
Line 18: | Line 20: | ||
Consider to use CPU Affinity for interfaces (using 'sim affinity -s') | Consider to use CPU Affinity for interfaces (using 'sim affinity -s') | ||
− | Check the sk98348 for proper documentation on performance optimization Best Practices. | + | Enable Multi-queue (using 'cpmq set') |
+ | |||
+ | Check the '''sk98348''' for proper documentation on performance optimization Best Practices. | ||
+ | |||
+ | Disable the monitoring performance counters for Traffic Connections and Traffic Throughput on gateway properties. | ||
Disable log for DNS and Proxy rules as the information is stored in application's log, thus the firewall log adds almost no value. | Disable log for DNS and Proxy rules as the information is stored in application's log, thus the firewall log adds almost no value. |
Latest revision as of 01:38, 30 October 2018
Set these on $FWDIR/boot/modules/fwkern.conf
fwmultik_input_queue_len=4096 fwkern_optimize_drops_support=1 activate_optimize_drops_support_now=1 fwha_freeze_state_machine_timeout=90 fwha_enable_state_machine_by_vs=1 cphwd_nat_templates_support=1 cphwd_nat_templates_enabled=1
On clish:
set interface eth0 rx-ringsize 2048
In SmartDashboard, open Security Gateway object and Go to 'Optimizations' pane. The 'Calculate the maximum limit for concurrent connections' should be set to 'Automatically', or put 150k (the default 50k is too tight)
Ensure CoreXL is enabled in cpconfig, and SecureXL (using 'fwaccel stat')
Consider to use CPU Affinity for interfaces (using 'sim affinity -s')
Enable Multi-queue (using 'cpmq set')
Check the sk98348 for proper documentation on performance optimization Best Practices.
Disable the monitoring performance counters for Traffic Connections and Traffic Throughput on gateway properties.
Disable log for DNS and Proxy rules as the information is stored in application's log, thus the firewall log adds almost no value.
And on Dashboard filter for Hits:High and Very High and move these rules upwards.
Check the Performance Tuning Administration Guide for R77 / R80