Thanks for your response Little Jun, but some observations:
a) this host have 2 GB RAM and when I push the policy, 60% of ram is
free. Then it isn't a RAM problem
b) It is a clean R70 SM installation, I don't upgrade anything. My
test policy only contains 25 objects and 10 rules. It is a really really
small policy to consume 99% cpu when I push the policy.
I have enabled on SM side only management and log. On security gateway
I have enabled only firewall and monitoring options: no VPN, no IPS, no
QoS. Maybe the problem is monitoring???
Somebody have tried to limit cpu usage for fwm??
Little Lun wrote:
Hi,
I forgot to said, you can also retry to remove the old policy package in your
MC.
(the easy way to do this is GUI, just click "Delete" to the policy package.) (File
> Delete > Policy from Package)
(Or using fw merge to delete it.)
because when your load up your MC, the rule database (rulebase_5_0.FWS) will
also content the old policy package. and when you install the policy, it will
load that file too. (that file seems compressed. after un-compressed, it will
was many memory from your RAM.)
By the way, before you delete the policy package.
Remember backup it first. (You can using "database revision control" to backup
it.)
Thanks !
Regards,
Little Lun
--- 2009年6月11日 星期四,Little Lun <[email protected]> 寫道﹕
寄件人: Little Lun <[email protected]>
主題: Re: [FW-1] High load cpu by fwm process
收件人: [email protected]
日期: 2009年6月11日,星期四,上午11:12
Hi,
I think it is normal too ~
when you install the firewall policy, the MC will have many
process need to run.
1. save the policy
2. verifty policy
3. generate and compile the policy package
4. install the policy to FW module
the policy installation time is base on total number of
objects and total number of rules.
and the new version will have more function than the old
version.
if you think the performance is slow. you can try to
upgrade your hardware.
and optimize your object list and rule base.
Thanks !
Regards,
Little Lun
--- 2009年6月11日 星期四,carlopmart <[email protected]>
寫道﹕
寄件人: carlopmart <[email protected]>
主題: Re: [FW-1] High load cpu by fwm process
收件人: [email protected]
日期: 2009年6月11日,星期四,上午3:48
Normal?? Why normal?? I don't think
that this is normal ... no almost on other management
software ...
Reinhard Stich wrote:
hi,
as I see it this is normal. policy install also
took
high cpu in older versions.
br
reinhard
At 19:29 10.06.2009, you wrote:
Hi all,
I have a security management R70 installed
on a rel5.3 host. Every time that I install a policy
on a
security gateway, fwm uses more than 99% of the cpu.
Somebody knows if this is a bug on R70?. Rhel5.3 host
is a
quad-core 2 GHz cpu. On the other side, 50% ram is
free ...
Thanks.
-- CL Martinez
carlopmart {at} gmail {d0t} com
Scanned by Check Point Total Security
Gateway.
=================================================
To set vacation, Out-Of-Office, or away
messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change
your
subscription options, email
[email protected]
=================================================
-- CL Martinez
carlopmart {at} gmail {d0t} com
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
Yahoo!香港提供網上安全攻略,教你如何防範黑客!
請前往 http://hk.promo.yahoo.com/security/
了解更多!
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
Yahoo!香港提供網上安全攻略,教你如何防範黑客! 請前往 http://hk.promo.yahoo.com/security/ 了解更多!
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
--
CL Martinez
carlopmart {at} gmail {d0t} com
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
