Solved

Checkpoint NG - high cpu usage on fwssd.exe

Posted on 2004-09-23
6
3,892 Views
Last Modified: 2013-11-16
I have recently replaced my old firewall that was running CP 4.1 with a new system running Checkpoint NG. During the day when I have VPN users connected I notice there are many fwssd.exe process' running. One of the process' is eating up 95-98 % of the CPU.
When I check the system late at night or early in the morning all seems to be ok and the system idle process is about 97%. The Server is NT4.0 SP6a. I appreciate any help I can get with this problem.

Thanks.
0
Comment
Question by:vinnyd79
  • 3
  • 2
6 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12143125
It's the CheckPoint Security Server Daemon.  One of these will be kicked off every time a user logs on.
Check Point running on NT is pretty easy to swamp - I would recommend moving to a faster platform.
The problem is probably caused by an excessive amount of VPN tunnel traffic, generated by a single user.  It's quite possible one of your remote users is infected with a virus/worm or maybe just abusing their connections and downloading lots of MP3s, or something...
0
 
LVL 3

Assisted Solution

by:dschwartzer
dschwartzer earned 250 total points
ID: 12154413
Security server (SS) is used whenever you have  a 'resource' usage in the rulebase. For example - you are doing a UFP of CVP on the http/ftp traffic. If so, all the traffic is forwarded to the SS, and then to the appropriate 3rd party AV/server.
Anyway, look through the rulebase and try to remove the unneeded 'resource' usage. Otherwise, SS's are known for their CPU utilization. There're number of alternatives to some stuff SS's are used for. E.g. there's a URL logging mechanism, which is now also implemented in kernel - and is much faster - so you should check out kernel alternatives...

Tim, it can't be VPN, because all VPN solutions (besides SSL) are kernel based - so no user process is involved.
And, just FYI, it has been tested and proven that Intel processors are much better performers on VPN related stuff, then say Sparcs. So Intel is better then Sparc, but SPlat is better then Windows, especially NT...

Daniel
0
 
LVL 28

Author Comment

by:vinnyd79
ID: 12608565
Sorry guys,I was away from EE for a while and had forgotten about this question.
If it is not VPN,do you think it could be caused by a rule allowing UserAuth telnet access to one of my servers?The problem occurs during the day when users are logged on,and goes away in the evenings when they log off.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 23

Expert Comment

by:Tim Holman
ID: 12608765
Yes - it could well be caused by one of Check Point's user authentication mechanisms.  Can you disable and retest to check this ?
0
 
LVL 28

Author Comment

by:vinnyd79
ID: 12617589
Disabling it would stop a bunch of people from being able to do their work but I guess it would be a good test. I'll give it a try tomorrow morning and see what happens.
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 250 total points
ID: 12618882
I mean turn off the telnet authentication mechanism (I assume you mean the Check Point User Auth whereby users have to authenticate with the firewall in order to use telnet ??), so users can access the telnet server direct...
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
centos kvm host, routing sip/udp to vm - iptables 15 67
Rule Iptables 1 60
perimeter firewall HA impact on outages 2 52
PCAnywhere 2 100
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now