CPU load and traffic latency after activating Anti-Bot and/or Anti-Virus blade on Security Gateway
R75, R76, R77, R77.10, R77.20, R77.30
Gaia, SecurePlatform 2.6, Crossbeam XOS
Platform / Model
After activating Anti-Bot and/or Anti-Virus blade and installing the Threat Prevention policy on Security Gateway:
CPU load on Security Gateway increases significantly (refer to the output of "top" / "mpstat" commands).
Traffic throughput on Security Gateway decreases significantly; traffic latency is experienced.
Example for CIFS traffic:
When only IPS blade is enabled (Anti-Bot and Anti-Virus blades are disabled):
Internet speed is between 180 and 250 Mbit/sec, download and upload
CIFS data transfer between workstation and server is around 60-90 Mbit/sec
Ping latency is around 2-3 msec with or without CIFS data transfer
When both IPS blade and Anti-Bot / Anti-Virus blades are enabled:
Internet speed is around 100 Mbit/sec, download and upload
CIFS data transfer between workstation and server is around 15 Mbit/sec
Ping latency is around 40-70 msec during CIFS data transfer
The issue mostly occurs when passing complex traffic such as CIFS, NFS, etc.
Output of the "fwaccel conns" command shows the involved complex traffic with either the "S" flag or the "F" flag: the traffic goes via the Medium path (PXL) or via the Firewall path / Slow path (F2F), i.e., the traffic is not fully accelerated.
The involved traffic is inspected by the Anti-Bot / Anti-Virus blade even if it does not match any rule in the Threat Prevention policy.
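To check a gateway for the "fwaccel conns" symptom described above, the following added example (not part of the original article and not Check Point tooling) counts, per destination port, the connections whose Flags field carries "F" or "S". The column layout, the sample rows and the function names are constructed assumptions, and IPv4 source addresses are assumed.

```shell
#!/bin/sh
# Added example: summarise connections that "fwaccel conns" marks with F or S.
# On a gateway (assumed usage): fwaccel conns | summarize_paths

# Constructed sample in the assumed "fwaccel conns" column layout.
sample_conns() {
cat <<'EOF'
Source          SPort Destination     DPort PR Flags       C2S i/f S2C i/f
--------------- ----- --------------- ----- -- ----------- ------- -------
10.1.1.20       51514 10.2.2.5          445  6 F..........     2/1     1/2
10.1.1.21       51620 10.2.2.5          445  6 ..S........     2/1     1/2
10.1.1.22       40112 10.2.2.9         2049  6 F.S........     2/1     1/2
10.1.1.23       55001 203.0.113.10      443  6 ...........     2/3     3/2

Total number of connections: 4
EOF
}

# Reads "fwaccel conns" output on stdin and prints one line per destination
# port, sorted by port:  <dport> total=<n> F=<n> S=<n>
summarize_paths() {
    awk '
    # Header row: locate the Flags and DPort columns by name, not position.
    $1 == "Source" {
        for (i = 1; i <= NF; i++) {
            if ($i == "Flags") fcol = i
            if ($i == "DPort") pcol = i
        }
        next
    }
    # Skip separator, blank and trailer lines, and anything before the header.
    !fcol || !pcol || $1 !~ /^[0-9]/ { next }
    {
        port = $pcol
        total[port]++
        if ($fcol ~ /F/) f[port]++   # Firewall path / Slow path (F2F)
        if ($fcol ~ /S/) s[port]++   # Medium path (PXL)
    }
    END {
        for (p in total)
            printf "%s total=%d F=%d S=%d\n", p, total[p], f[p], s[p]
    }' | sort -n
}
```

Ports where most connections show F or S (445 and 2049 in the sample) are the ones to compare against the CPU load and latency figures after enabling the blades.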