Score:0

firewall resources saturation because of huge downloads by users

My company's Check Point firewall, which serves about 150 clients/servers, is experiencing load problems and saturates all CPU resources, which brings the web interface down and leaves us unable to inspect or check the monitoring features. This is largely caused by huge downloads or peaks from Windows updates on the clients; in fact, it happens on Monday mornings and when users are downloading packets at high capacity. Our supplier is unable to give us a solution, apart from proposing to change the firewall for a more powerful one. Do you believe there is really no technique to avoid this saturation? We already tried some QoS policies, but the problem still appears. I'd like to know how to protect the firewall from this saturation, apart from disabling packet inspection. Thanks

djdomi
I would think that you selected the wrong device for your business, imho. You may also disallow whatever big downloads are for you.
Wilson Hauck
Additional DB information request, please. OS, Version? RAM size, # cores, any SSD or NVME devices on MySQL Host server? Post TEXT data on justpaste.it and share the links. From your SSH login root, Text results of: A) SELECT COUNT(*), sum(data_length), sum(index_length), sum(data_free) FROM information_schema.tables; B) SHOW GLOBAL STATUS; after minimum 24 hours UPTIME C) SHOW GLOBAL VARIABLES; D) SHOW FULL PROCESSLIST; E) STATUS; not SHOW STATUS, just STATUS; G) SHOW ENGINE INNODB STATUS; for server workload tuning analysis to provide suggestions.
Wilson Hauck
Post TEXT data on justpaste.it and share the links. Additional very helpful OS information includes - please, htop 1st page, if available, TERMINATE, top -b -n 1 for most active apps, top -b -n 1 -H for details on your mysql threads memory and cpu usage, ulimit -a for list of limits, iostat -xm 5 3 for IOPS by device & core/cpu count, df -h for Used - Free space by device, df -i for inode info by device, free -h for Used - Free Mem: and Swap:, cat /proc/meminfo includes VmallocUsed, for server workload tuning analysis to provide suggestions.
HBruijn
When you're running out of resources the conclusion of an incorrectly sized appliance is quite reasonable. - Of course you take mitigating measures, such as disallowing direct web access and deploying a caching web proxy and, rather than allowing Windows clients to download updates directly from Microsoft, use something on-premise such as WSUS for distributing updates, but although that may change your usage patterns somewhat, your appliance is probably still undersized.
HBruijn
@WilsonHauck - in general the recommendation is for users to ***edit their question*** to add new and relevant information and details, rather than posting useful details on external sites where the content may expire
Wilson Hauck
@HBruijn And what is your limit for storage in the Question? That is why external storage is requested.
HBruijn
@WilsonHauck A quick search shows an upper limit of 30.000 characters in a question and/or answer, which should be enough to add the details you requested as inline text. Source: https://meta.stackexchange.com/a/176447/282031 - To get an idea of how long a post must be to reach 30.000 characters, see [this answer](https://serverfault.com/a/49836/37681) for a good example.
Wilson Hauck
@HBruijn Depending on version of software, results requested could easily exceed your upper limit of 30,000 characters for more than one of our requests.