Allocating Additional CPU Cores to the CoreXL SND
The default configuration of CoreXL Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. Firewall instances and the CoreXL SND instances might not be optimal for your needs.
If the default number of CoreXL SND instances is not enough to process the incoming traffic, and your Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. has enough CPU cores, you can decrease the number of CoreXL Firewall instances. This automatically allocates additional CPU cores to run the CoreXL SND instances.
This scenario is likely to occur if much of the traffic is accelerated by SecureXL Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway.. In this case, the task load of the CoreXL SND instances may be disproportionate to that of the CoreXL Firewall instances.
To check if the SND is slowing down the traffic:
|
Best Practice - We recommend to allocate an additional CPU core to the CoreXL SND only if all these conditions are met:
If at least one of the above conditions is not met, the default CoreXL configuration is sufficient. |
To allocate an additional processing CPU core to the CoreXL SND:
Item |
Description |
---|---|
1 |
Decrease the number of CoreXL Firewall instances in the |
2 |
Configure interface affinities to the remaining CPU cores. |
3 |
Reboot to apply the new configuration. |