Protocol Type enabled in Service Properties can cause high CPU utilization.In some cases, when firewall is under heavy load, the protocol enforcement (Protocol Type) enabled in Service Properties in Check Point configuration can trigger high CPU utilization alarm.

When Protocol Type is selected under Advanced settings of the Service Properties dialog, Check Point firewall performs protocol enforcement. These additional security checks require more CPU resources and in case there is a lot of small packets, it can affect performance, lead to high CPU utilization and trigger XOS alarms.

If Protocol Enforcement is mandated for security reasons, this solution should be considered as temporary and root cause should be investigated together with Check Point. 

Workaround

Setting the Protocol Type to None disables Protocol Enforcement and ensures that packets are accelerated (if SecureXL is enabled). 

In SmartDashboard under Services tab open the Service Properties dialog, then click the Advanced button and select None in the Protocol Type field: