If the Security Gateway generates a very large number of logs, it may be advisable to allocate a processing CPU core to the fwd daemon, which generates the logs.
Note - This change reduces the number of CPU cores available for CoreXL Firewall instances.
Important Notes for Cluster:
Schedule a full maintenance window and follow the instructions in the R80.20 Installation and Upgrade Guide - Chapter Upgrading ClusterXL Deployments.
Perform either a Minimal Effort Upgrade procedure (requires downtime), or a Zero Downtime Upgrade procedure (no downtime, but active connections are lost). Instead of the version upgrade, configure CoreXL on each cluster member.
To allocate a processing CPU core to the fwd daemon:
Step | Description |
---|---|
1 | Connect to the command line on the Security Gateway. |
2 | Log in to Expert mode. |
3 | Run: |
4 | Enter the number of the Check Point CoreXL option. |
5 | |
6 | Exit from the |
7 | Configure the affinity of the fwd daemon in the |
7A | Examine which processing CPU cores run the CoreXL Firewall instances and which CPU cores handle the traffic from interfaces. Run: |
7B | Edit the<br>Allocate one of the remaining CPU cores to the fwd daemon. To do so, configure the affinity of the fwd daemon to that CPU core. For example, to affine the fwd daemon to CPU core #2, add this line:<br>Note: You need to avoid the CPU cores that run the CoreXL SNDs only if these CPU cores are explicitly defined for the affinities of interfaces. If the affinity of interfaces is configured in Automatic mode, the fwd daemon can use all CPU cores that do not run CoreXL Firewall instances. Traffic from interfaces is automatically diverted to other CPU cores. |
7C | Save the changes in the |
8 | Apply the new configuration: |
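
The core-selection rule from steps 7A and 7B, including the note about Automatic mode, written out as an added example (not Check Point's code). The `CPU <n>: <items>` listing format, the `fw_<k>` naming for CoreXL Firewall instances, and the function name `fwd_candidate_cores` are assumptions; the sample listing is constructed.

```shell
#!/bin/sh
# List the CPU cores that are eligible for the fwd daemon.
# Input (stdin): lines of the ASSUMED form "CPU <n>: <item> <item> ..."
#   fw_<k>         = CoreXL Firewall instance (assumed naming)
#   anything else  = interface whose traffic is handled on that core
# $1 = "explicit" if interface affinities are explicitly defined,
#      "auto"     if interface affinity is in Automatic mode.
fwd_candidate_cores() {
    mode=$1
    out=""
    while IFS= read -r line; do
        case $line in
            "CPU "*:*) ;;          # a per-core line, parse it
            *) continue ;;         # ignore anything else
        esac
        core=${line#CPU }
        core=${core%%:*}
        items=${line#*:}
        has_fw=0
        has_if=0
        for item in $items; do
            case $item in
                fw_*) has_fw=1 ;;
                *)    has_if=1 ;;
            esac
        done
        # Never share a core with a CoreXL Firewall instance.
        [ "$has_fw" -eq 1 ] && continue
        # Cores handling interface traffic are off limits only when the
        # interface affinities are explicit; in Automatic mode the
        # traffic is diverted to other cores.
        if [ "$mode" = explicit ] && [ "$has_if" -eq 1 ]; then
            continue
        fi
        out="${out:+$out }$core"
    done
    printf '%s\n' "$out"
}

# Constructed sample listing for a 6-core gateway (not real output).
SAMPLE_LISTING='CPU 0: eth0
CPU 1: eth1
CPU 2:
CPU 3: fw_2
CPU 4: fw_1
CPU 5: fw_0'

printf '%s\n' "$SAMPLE_LISTING" | fwd_candidate_cores explicit   # 2
printf '%s\n' "$SAMPLE_LISTING" | fwd_candidate_cores auto       # 0 1 2
```

An empty result means no core is free under the chosen mode, which matches the earlier note that this change reduces the number of CPU cores available for CoreXL Firewall instances.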