Difference between revisions of "Performance Tuning"
From Tech-Wiki
Line 24: | Line 24: | ||
And on Dashboard filter for Hits:High and Very High and move these rules upwards. | And on Dashboard filter for Hits:High and Very High and move these rules upwards. | ||
− | Check the Performance Administration Guide for | + | Check the Performance Administration Guide for [http://downloads.checkpoint.com/dc/download.htm?ID=24808 R77] / [http://downloads.checkpoint.com/dc/download.htm?ID=54765 R80] |
− | + | ||
− | + |
Revision as of 14:40, 8 March 2018
Set these on FWDIR/boot/modules/fwkern.conf
fwmultik_input_queue_len=4096 fwkern_optimize_drops_support=1 activate_optimize_drops_support_now=1 fwha_freeze_state_machine_timeout=90 fwha_enable_state_machine_by_vs=1 cphwd_nat_templates_support=1 cphwd_nat_templates_enabled=1
In SmartDashboard, open Security Gateway object and Go to 'Optimizations' pane. The 'Calculate the maximum limit for concurrent connections' should be set to 'Automatically', or put 150k (the default 50k is too tight)
Ensure CoreXL is enabled in cpconfig, and SecureXL (using 'fwaccel stat')
Consider to use CPU Affinity for interfaces (using 'sim affinity -s')
Check the sk98348 for proper documentation on performance optimization Best Practices.
Disable log for DNS and Proxy rules as the information is stored in application's log, thus the firewall log adds almost no value.
And on Dashboard filter for Hits:High and Very High and move these rules upwards.