Allocating a CPU Core for Heavy Logging
If the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. generates very large number of logs, it may be advisable to allocate a processing CPU core to the fwd daemon, which generates the logs.
|
Note - This change decreases the number of CPU cores available for CoreXL Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. Firewall instances. |
|
Important Notes for Cluster:
|
To allocate a processing CPU core to the fwd daemon:
See Configuring Affinity Settings.
Step |
Instructions |
||||
---|---|---|---|---|---|
1 |
Connect to the command line on Security Gateway (each Cluster Member). |
||||
2 |
Log in to the Expert mode. |
||||
3 |
Run:
|
||||
4 |
Enter the number of the Check Point CoreXL option. |
||||
5 |
Decrease the number of CoreXL Firewall instances. |
||||
6 |
Exit from the |
||||
7 |
Examine which processing CPU cores run the CoreXL Firewall instances and which CPU cores handle the traffic from interfaces:
See fw ctl affinity. |
||||
8 |
Back up the
|
||||
9 |
Edit the
|
||||
10 |
Allocate one of the remaining CPU cores to the fwd daemon. To do so, configure the affinity The assignment of a specified CoreXL Firewall instance, VSX Virtual System, interface, user space process, or IRQ to one or more specified CPU cores. of the fwd daemon to that CPU core.
For example, to affine the fwd daemon to CPU core #2, add this line:
|
||||
11 |
Save the changes in the file and exit the editor. |
||||
12 |
Apply the new configuration:
|