Allocating a CPU Core for Heavy Logging

If the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. generates very large number of logs, it may be advisable to allocate a processing CPU core to the fwd daemon, which generates the logs.

Note - This change decreases the number of CPU cores available for CoreXLClosed Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. Firewall instances.

Important Notes for Cluster:

To allocate a processing CPU core to the fwd daemon:

See Configuring Affinity Settings.




Connect to the command line on Security Gateway (each Cluster Member).


Log in to the Expert mode.





Enter the number of the Check Point CoreXL option.


Decrease the number of CoreXL Firewall instances.

See Configuring IPv4 and IPv6 CoreXL Firewall instances.


Exit from the cpconfig menu.


Examine which processing CPU cores run the CoreXL Firewall instances and which CPU cores handle the traffic from interfaces:

fw ctl affinity -l -r

See fw ctl affinity.


Back up the $FWDIR/conf/fwaffinity.conf file:



Edit the $FWDIR/conf/fwaffinity.conf file:

vi $FWDIR/conf/fwaffinity.conf


Allocate one of the remaining CPU cores to the fwd daemon.

To do so, configure the affinityClosed The assignment of a specified CoreXL Firewall instance, VSX Virtual System, interface, user space process, or IRQ to one or more specified CPU cores. of the fwd daemon to that CPU core.

n fwd <CPU ID>

For example, to affine the fwd daemon to CPU core #2, add this line:

n fwd 2

Note - It is important to avoid the CPU cores that run the CoreXL SND instances only if these CPU cores are explicitly defined for the affinities of interfaces. If affinity of interfaces is configured in the Automatic mode, the fwd daemon can use all CPU cores that do not run CoreXL Firewall instances. Traffic from interfaces is automatically diverted to other CPU cores.


Save the changes in the file and exit the editor.


Apply the new configuration:

  • To apply immediately, run:


  • To apply later, reboot the Security Gateway (each Cluster Member).