High CPU utilization when protocol enforcement is enabled in Check Point

Article ID: 167865

Products

XOS

Issue/Introduction

Protocol Type enabled in Service Properties can cause high CPU utilization. In some cases, when the firewall is under heavy load, protocol enforcement (Protocol Type) enabled in Service Properties in the Check Point configuration can trigger a high CPU utilization alarm.

Cause

When Protocol Type is selected under Advanced settings of the Service Properties dialog, the Check Point firewall performs protocol enforcement. These additional security checks require more CPU resources, and when there are a lot of small packets they can affect performance, lead to high CPU utilization and trigger XOS alarms.

Resolution

If Protocol Enforcement is mandated for security reasons, this solution should be considered temporary and the root cause should be investigated together with Check Point.

Workaround

Setting the Protocol Type to None disables Protocol Enforcement and ensures that packets are accelerated (if SecureXL is enabled). 

In SmartDashboard, under the Services tab, open the Service Properties dialog, then click the Advanced button and select None in the Protocol Type field.
