Support Center > My Favorites > SecureKnowledge Details
CPU load and traffic latency after activating Anti-Bot and/or Anti-Virus blade on Security Gateway
Symptoms
  • After activating Anti-Bot and/or Anti-Virus blade and installing the Threat Prevention policy on Security Gateway:

    • CPU load on Security Gateway increases significantly (refer to the output of "top" / "mpstat" commands).

    • Traffic throughput on Security Gateway decreases significantly; traffic latency is experienced.

      Example for CIFS traffic:

      • When only IPS blade is enabled (Anti-Bot and Anti-Virus blades are disabled):
        • Internet speed is between 180-250 Mbit/sec, download and upload
        • CIFS data transfer between workstation and server is around 60-90 Mbit/sec
        • Ping latency is around 2-3 msec with or without CIFS data transfer
      • When both IPS blade and Anti-Bot / Anti-Virus blades are enabled:
        • Internet speed is around 100 Mbit/sec, download and upload
        • CIFS data transfer between workstation and server is around 15 Mbit/sec
        • Ping latency is around 40-70 msec during CIFS data transfer
  • Issue mostly occurs when passing complex traffic like CIFS, NFS, etc.

  • Output of "fwaccel conns" command shows the involved complex traffic with either "S" flag, or "F" flag - the traffic goes via Medium path (PXL), or via Firewall path / Slow path (F2F) - i.e., traffic is not fully accelerated.

Cause

The involved traffic is inspected by Anti-Bot / Anti-Virus blade even if it is not matched to any rule in the Threat Prevention policy.


Solution
Note: To view this solution you need to Sign In .