The diskless systems have fewer moving parts. That makes disk activities, like swap file and logging, perform faster for either-bound traffic.

The 25,000 connection limit leaves 50% for TCP connections. That's why only 12,500 connections are seen by ASM. This is a DoS risk mitigation tactic. You can change this in SMDF under Network Security --> Denial of Service --> Non TCP Flooding. Default is 50%.

Are you running Floodgate on that firewall? With SMDF completely off, does the slowdown go away?

Regards,
Neil Delacruz

On 7/18/06, Mike Smith <[EMAIL PROTECTED]> wrote:
>The Active Streaming Mechanism is used in the following:
>• Error concealment
>• Header spoofing
>• Directory listing
>• ASCII only response
>• "Send Error Page" checked (R60/R55W)
>
>Any defense that sends an HTML error page to the client uses ASM. The
>main difference between ASM and PSM (Passive Streaming Mechanism) is
>that ASM will analyze the entire request and response header before
>sending it to the server and client. ASM uses much more overhead than
>PSM.
>
>I miss the days of the plain-old stateful firewall. But that type of
>protection today is not enough. If you want to have very limited
>application checks, inferior VPNs, vendor hardware lock-in, and the
>worst management of them all, then take the advice and go with PIX.
>
>Are you really surpassing the 25,000 connections mark? If so, is it
>legit traffic? Maybe marketing did some kinda campaign or promo and
>didn't notify the security team to expect a huge increase in traffic?
>Consider going to a diskless system?

No, but according to the Checkpoint SE this number is inaccurate when ASM is invoked. A value of 25,000 actually means 12,500 ASM sessions. Most of the traffic is inbound; how would a diskless system help?

>
>Has the slowdown been resolved since you made the change using ethtool?

No, the slowdowns are still occurring with SmartDefense enabled.

>
>Regards,
>Neil Delacruz
>
>>On 7/17/06, Mike Smith <[EMAIL PROTECTED]> wrote:
>> A little more information:
>>
>> The Concurrent connections problem occurred when SmartDefense started using
>>Active Streaming to perform layer 7 probes. My understanding is that Active
>>Streaming causes two half-session entries to be created in the connection table.
>>So you start to drop packets when the number of connections (invoking Active
>>Streaming) reaches 50% of maximum connections.
>>
>> The platform is splat.
>>
>> I also noticed last week that interfaces on the gateway were recording dropped
>>and overrun packets as shown by an ifconfig eth_ command. This only happens when
>>SmartDefense is enabled. On Friday I used the ethtool -G rx #### tx ####
>>command to increase the number of Receive and Transmit descriptors available to
>>the interface. The dropped and overrun packets counters have not changed since
>>the # of buffers was increased.
>>
>> I had a difficult time finding the information regarding the tuning of the
>>ethernet interfaces. Can someone direct me to a FAQ or cookbook?
>>
>> TIA

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
[EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email
[EMAIL PROTECTED]
=================================================
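The thread turns on whether the NIC's dropped/overrun counters keep growing after the ring buffers were enlarged with ethtool -G. The script below is an added example, written by the editor and not posted by anyone in the thread, that compares two snapshots of an interface's RX counters in the format ifconfig prints and reports the delta for each. The two snapshots are constructed sample text; on a real gateway you would capture `ifconfig ethN` (or the per-interface files under /sys/class/net/ethN/statistics/) before and after the change, a few minutes apart, so the comparison covers the same traffic pattern. A non-zero delta after the ring resize means the descriptors were not the limiting factor and the loss is happening elsewhere (for example, the CPU cost of the inspection itself), which is the defender's next question to answer before tuning further.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): compare two ifconfig-style
# snapshots of one interface and report how far the RX dropped/overruns
# counters moved between them. Snapshots below are constructed sample text.

SNAP_BEFORE='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          RX packets:1500000 errors:0 dropped:1200 overruns:340 frame:0
          TX packets:900000 errors:0 dropped:0 overruns:0 carrier:0'

SNAP_AFTER='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          RX packets:1800000 errors:0 dropped:1350 overruns:402 frame:0
          TX packets:1100000 errors:0 dropped:0 overruns:0 carrier:0'

# rx_counter SNAPSHOT FIELD -> prints the RX value of FIELD (dropped|overruns).
# Only the "RX packets:" line is inspected, so TX counters never leak in.
rx_counter() {
    printf '%s\n' "$1" | awk -v f="$2" '
        /RX packets:/ {
            for (i = 1; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[1] == f) print kv[2]
            }
        }'
}

# rx_delta BEFORE AFTER FIELD -> prints how much FIELD grew between snapshots.
rx_delta() {
    b=$(rx_counter "$1" "$3")
    a=$(rx_counter "$2" "$3")
    echo $((a - b))
}

# report BEFORE AFTER -> prints one line per counter; returns 1 if the NIC is
# still losing packets (a counter grew), 0 if both counters held steady.
report() {
    status=0
    for f in dropped overruns; do
        d=$(rx_delta "$1" "$2" "$f")
        printf 'rx %-9s +%d\n' "$f" "$d"
        [ "$d" -gt 0 ] && status=1
    done
    return $status
}

report "$SNAP_BEFORE" "$SNAP_AFTER" ||
    echo "still dropping after the ring resize: look beyond the descriptor count"
```

Run it as-is to see the constructed case (dropped +150, overruns +62, exit status 1). To use it on a gateway, replace the two variables with real captures taken before and after `ethtool -G`, keeping the interval and traffic conditions comparable; a script like this is also a reasonable thing to schedule so that interface-level loss shows up in monitoring rather than being discovered from user complaints.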
