[FW1] HTTP Security Servers consuming all CPU, out of the blue
Beginning this week I have a problem on our two gateways. Out of the blue, the HTTP security servers will begin consuming all available CPU on the gateways. This happens at peak browsing times in the company (around lunch time). Performance drops to the point that browsing becomes impossible, with the infamous "fw1 cannot connect to www server" messages being displayed. What I found alarming was that it hit our European gateway early in the morning (USA time, afternoon their time) and then hit our USA gateway mid-day that same day.

Both gateways are running FW-1 4.1 SP3 on NT 4.0 SP6a. The gateways are Compaq dual 500 MHz with 512 MB RAM. I have increased the number of security servers from 1 to 2 by adding "80 in.ahhttpd wait -2" to fwauthd.conf. I also increased the http_buffer_size (16384) in objects.c per a performance tuning guideline from Check Point. Still the problem continues.

I do run several rules that invoke the security servers via http->URI resources to check for things like Code Red and filter out streaming media files. But I've been running these same rules for weeks/years, so I'm puzzled why now, all of a sudden, the problems are arising. Looking at performance logs I cannot discern any increase in packets being processed by the firewall, so I don't think it is due to higher loads being placed on the firewalls than in the past. I'm not saying it isn't, but I can't see it with the performance data I have captured.

The only way I've been able to keep the firewalls running is to disable these rules. The number of connections averages about 800-1000 without the http->URI resource rules and 1900-2300 with the rules. Any suggestions on how to further troubleshoot?
----------------------------------------------------------------------------------------
Greg Winkler
Systems Manager, IT&S
Huntsman Corporation
Internet Mail: [email protected]