vinnyd79

asked on

Checkpoint NG - high cpu usage on fwssd.exe

I have recently replaced my old firewall that was running CP 4.1 with a new system running Checkpoint NG. During the day when I have VPN users connected I notice there are many fwssd.exe processes running. One of the processes is eating up 95-98% of the CPU.
When I check the system late at night or early in the morning all seems to be ok and the system idle process is about 97%. The Server is NT4.0 SP6a. I appreciate any help I can get with this problem.

Thanks.
Tim Holman

It's the CheckPoint Security Server Daemon.  One of these will be kicked off every time a user logs on.
Check Point running on NT is pretty easy to swamp - I would recommend moving to a faster platform.
The problem is probably caused by an excessive amount of VPN tunnel traffic, generated by a single user.  It's quite possible one of your remote users is infected with a virus/worm or maybe just abusing their connections and downloading lots of MP3s, or something...
vinnyd79

ASKER

Sorry guys, I was away from EE for a while and had forgotten about this question.
If it is not VPN, do you think it could be caused by a rule allowing UserAuth telnet access to one of my servers? The problem occurs during the day when users are logged on, and goes away in the evenings when they log off.
Yes - it could well be caused by one of Check Point's user authentication mechanisms. Can you disable and retest to check this?
Disabling it would stop a bunch of people from being able to do their work but I guess it would be a good test. I'll give it a try tomorrow morning and see what happens.