Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
sumsama1
Captain Captain
Captain
‎2015-10-05 19:37
1168 views

Checkpoint caching

Hi, I have one checkpoint Firewall which caches most of the time. I have made the batching to 300:1 and increased the java heap to 1 Gb but still same. what else can I do to decrease the caching on connector

Labels (3)
Labels
0 Likes
Reply
Report Inappropriate Content
21 Replies
AlexMuratov1
Absent Member.
Absent Member.
‎2015-10-05 20:10

What is EPS?

0 Likes
Reply
Report Inappropriate Content
sumsama1
Captain Captain
Captain
‎2015-10-05 20:50

sent to  manager EPS is 1992.5

0 Likes
Reply
Report Inappropriate Content
sumsama1
Captain Captain
Captain
‎2015-10-05 20:56

Total sent to manager EPS is 7833.1 and for checkpoint it is 2019.6

0 Likes
Reply
Report Inappropriate Content
vitz1
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2015-10-06 11:55

what about Multithreading? Did you already enabel it?

0 Likes
Reply
Report Inappropriate Content
sumsama1
Captain Captain
Captain
‎2015-10-06 13:43

I am using a Check Point OPSEC NG connector for this and are you talking about CPU or ESM transport multithreading ? and should there be a agent.default.properties file because its not there?

0 Likes
Reply
Report Inappropriate Content
pganguly1
Absent Member.
Absent Member.
‎2015-10-07 09:09

Hi Samal ,

Please add below parameter in agent.propertiy

http.transport.threadcount=16

http.transport.multithreaded=true

eventcache.scanforsize=false

http.transport.queuesize=600

agents[0].checkpoint.parser.multithreading.enabled=true

0 Likes
Reply
Report Inappropriate Content
AlexMuratov1
Absent Member.
Absent Member.
‎2015-10-07 18:57

What is ESM Manager version? It may be not able to ingest such high EPS. Though Check Point feed is well compressed usually (btw, check that you enabled field based aggregation) and should not be a problem.

0 Likes
Reply
Report Inappropriate Content
sumsama1
Captain Captain
Captain
‎2015-10-08 18:36

ESM 6.8. What do you suggest the field based aggregation value to be ?

0 Likes
Reply
Report Inappropriate Content
sumsama1
Captain Captain
Captain
‎2015-10-08 18:45

I added all of these values but still its caching..

0 Likes
Reply
Report Inappropriate Content
AlexMuratov1
Absent Member.
Absent Member.
‎2015-10-08 18:48

For Check Point I would suggest the following field based aggregation settings:

Time Interval: 15s

Event Threshold: 1000

Field Names: name, message, transportProtocol, destinationAddress, destinationPort, sourceAddress, deviceAddress

Fields to Sum: bytesIn, bytesOut

Preserve Common Fields: Yes

Important:

Enables aggregation (in secs): Disabled

This is a tricky part since the last setting is not global and it does not affect field based aggregation.

0 Likes
Reply
Report Inappropriate Content
AlexMuratov1
Absent Member.
Absent Member.
‎2015-10-08 18:51

What is RAM allocation for the ESM Manager? Allocate at least 32Gb.

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.