The following sections show different methods to reduce the performance impact of IPS protections and to improve gateway performance.
Note - The performance impact of a protection is almost the same for Prevent and Detect modes. Prevent mode sometimes drops traffic and does not inspect it.
The performance impact is derived from the complexity of the protection and the amount of traffic inspected due to the nature of the traffic blend. In addition, you can measure the actual performance impact of protections as follows:
Use the applicable command in Expert mode to gather statistics about the performance impact of protections:
Run: get_ips_statistics.sh
Use the IPS Analyzer tool and collect information about the IPS Protections:
The Analyzer tool processes the statistic output and produces a clear HTML report based on that output. The report indicates which IPS protections are causing critical, high or medium load on the gateway. We recommend that you deactivate the critical performance protections or add exceptions as needed. You may contact the Check Point Support Center http://supportcenter.checkpoint.com to report these protections.
When the IPS Software Blade is enabled on a Security Gateway, it might affect network performance due to the need for deep packet inspection on the traffic.
The effect on network performance can be mitigated by correct appliance sizing. Customers who want connections to be excluded from inspection rather than dropped when utilization is high can configure the gateway to bypass IPS inspection when there is a heavy load on the server or appliance.
Note - Enabling this mode will impact security effectiveness on the system and is by no means recommended from a security perspective. Correct appliance size should be used to ensure high security effectiveness of the Check Point Threat Prevention solution.
To configure bypass under load on the gateway: