Align CPU core to the Check Point Virtual Firewall context in Performance Management

book

Article ID: 207027

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

There is currently no clear concise way in DX NetOps Performance Management to determine which CPU goes with which "VS" or virtual context.

The CPU's are simply named with numerical strings. There is no identifiable information to help to determine which CPU core belongs to which VS.

I have looked through the Checkpoint MIB's to see if I can locate an OID that would give us any identifiable information per CPU to no avail.

Sample item names causing confusion are showing up like this:

  • Checkpoint Multi CPU: 18.0
  • Checkpoint Multi CPU: 21.0
  • Checkpoint Multi CPU: 34.0

In a report for just these items how can we determine which Virtual Firewall context or VS it belongs to?

Cause

This is due to limitations of the Check Point MIB OID data.

There is no MIB OID available that exposes a value allowing for reliable association between the CPU and the Virtual Firewall context or VS it is allocated to.

Making this more difficult, Check Point recommends the devices be configured where CPU allocation for the VS contexts is a dynamic operation, constantly changing in real-time as a given VS requires more resources than another.

Environment

All supported DX NetOps Performance Management releases

Resolution

Request the Check Point Vendor add a new MIB OID that exposes a method to associate a given CPU core to the VS context it is allocated to.

Once that is available, submit a new Certification Request Support case to the Support team. We'll have engineering update the Check Point certifications to create the CPU core to VS context associations.

When submitting a Certification Request please ensure the information documented in the Requirements for Performance Management Certification Request Knowledge Base article are attached to the new Support case.