Security Acceleration Module

Similar documents
How To Import New Client MSI Files and Upgrade Profiles

How to Configure ClusterXL for L2 Link Aggregation

Data Loss Prevention. R75.40 Hotfix. Getting Started Guide. 3 May Classification: [Protected]

Endpoint Security. E80.30 Localized Version. Release Notes

R Release Notes. 6 March Classification: [Protected] [Restricted] ONLY for designated groups and individuals

How To Configure and Tune CoreXL on SecurePlatform

How To Troubleshoot VPN Issues in Site to Site

Security Gateway Virtual Edition

Check Point GO R75. Release Notes. 21 December Classification: [Public]

Endpoint Security Release Notes

Endpoint Security webrh

Remote Access Clients for Windows 32/64-bit

How to Connect with SSL Network Extender using a Certificate

How To Configure IPSO as a DHCP Server

How To Configure OCSP

SmartWorkflow R Administration Guide. 29 May Classification: [Restricted]

SecuRemote for Windows 32-bit/64-bit

Check Point Appliance

Security Gateway for OpenStack

How To Install IPSO 6.2

Installing the A4505A PCI Module Upgrade. HP Part No. A Edition E0297 Printed in U.S.A.

Important Information

Security Gateway Virtual Edition

Data Loss Prevention R71. Release Notes

Power-1. Getting Started Guide. Models: P-10, P-20, P July Classification: [Protected] P/N:

Installing the Cisco ADE 2130 and 2140 Series Appliance Hardware Options

XTM 1050 Replacement Parts Installation

QUICK START GUIDE 7000 SERIES DEVICES. 3D7010/7020/7030 (Chassis: CHRY-1U-AC) 3D7115/7125, AMP7150 (Chassis: GERY-1U-4C8S-AC)

VSX-1 NGX R67. Getting Started Guide. Models: U-40, P-20, P-30

Installing and Managing the Switch

QUICK START GUIDE 7000 SERIES DEVICES

Check Point Appliance

Install your TPS 440T and 2200T security devices

Check Point Appliance

How To Install SecurePlatform with PXE

How to Set Up Your SRX4100 Services Gateway

apple Service Source Xserve RAID 17 March Apple Computer, Inc. All rights reserved.

HP P6300/P6500 EVA Fibre Channel Controller Replacement Instructions

DLP-1 R71. Getting Started Guide. Models: P-20, U July 2010 P/N

DNS-2608 Enterprise JBOD Enclosure User Manual

apple Service Source Xserve RAID Xserve RAID and Xserve RAID (SFP) Updated: 25 May Apple Computer, Inc. All rights reserved.

Installing the A4504A PMC Bridge Adapter and A4509A Expansion Adapter. HP Part No. A Edition E1197 Printed in U.S.A.

Quick Start. This document describes how to install the Juniper Networks PTX5000 Packet Transport

Next Generation Firewall

ADP1440-C06 for AXP1440

Security Gateway 80 R Administration Guide

I/O Modules Overview. Before You Begin. I/O Module Options. ESD Requirements

CHECK POINT NEXT GENERATION SECURITY GATEWAY FOR THE DATACENTER

Check Point Mobile VPN for ios

CHECK POINT AND SECURITY SYSTEMS

Remote Access Clients for Windows 32-bit/64-bit

Catalyst 6500 Series Wireless LAN Services Module Installation and Verification Note

R Release Notes. 18 August Classification: [Public]

Next Generation Firewall

Cisco CDE465 DIMM Reseating and Replacement Procedure. Modification History

Maintaining the ERX System

HP ProLiant DL165 G7 Server

VSEC FOR OPENSTACK R80.10

Next Generation Firewall

SCv3000 and SCv3020 Storage System. Owner s Manual

Check Point VSX

Installing the Cisco Unified Videoconferencing 3545 MCU

LifeSize ClearSea Installation Guide August 2012

M-series and T-series Routing Engine and MCS Installation Instructions

Dell SC5020 and SC5020F Storage System Owner s Manual

VPN-1 Power VSX VSX NGX R65 HFA 10. Release Notes

Finding the pain. Delivering the solution.

Dell SCv3000 and SCv3020 Storage System Owner s Manual

Dell SC7020 and SC7020F Storage Systems Owner s Manual

M-series, MX-series, and T-series Routing Engine and MCS Installation Instructions

DX Application Acceleration Platform Quick Start

VelaSync HIGH-SPEED TIME SERVER. Quick Reference Guide

H3C SecPath M9000-S NSQM2MPUD0 main processing unit

Maintaining the ERX System

EXN4000 Storage Expansion Unit Installation and Setup Instructions

Manager Appliance Quick Start Guide

Table of Contents - 1. Predator PO3-600 User s Guide

ExtremeSwitching 210 and 220 Series Switches: Hardware Installation Guide

Cisco FirePOWER 8000 Series Appliances

Junos WebApp Secure 5.0 Hardware Guide

FWA-6280A User Manual 1. FWA-6280A User Manual

Veritas Appliance Hardware Service Procedure

Next Generation Firewall

SDRAM Installation Instructions

Veritas Appliance Hardware Service Procedure

How to Set Up Your SRX340 Services Gateway

Check Point Appliance

HP ProLiant SL160z G6 Server

GigaStor Upgradeable 2U. User Guide

Routing Engine, MCS, and CB Installation Instructions

Check Point Appliances

PRISMA VelaSync HIGH-SPEED TIME SERVER. Getting Started Guide

Stonesoft Next Generation Firewall. Hardware Guide Models 5201, 5205, Revision C

Upgrading and Servicing Guide

G3-APEX-ENT-32T. Apex technical specifications. Parts list

Installing and Replacing Hardware Options

Table of Contents Quick Install Guide page Introduction Safety Rack System Precautions ESD Precautions...

Installation and Upgrade Guide

Maintaining E-Series Routers

Upgrading and Servicing Guide

Transcription:

Security Acceleration Module Getting Started Guide 15 December 2013 Classification: [Protected] P/N: 705386

2013 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Important Information Ordering Information To order a Security Acceleration Module, contact Check Point (quote@checkpoint.com). The SKU is CPAC-SAM108. Latest Software We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks. Latest Documentation The latest version of this document is at: (http://supportcontent.checkpoint.com/documentation_download?id=18043) To learn more, visit the Check Point Support Center (http://supportcenter.checkpoint.com). For more about the 21000 Appliance, see the 21000 Appliance home page (http://supportcontent.checkpoint.com/solutions?id=sk23641). Revision History Date 15 December 2013 General formatting updates 5 November 2013 Updated show sam np connections (on page 19) and show sam np cpu-usage (on page 20) 14 May 2013 Added Uninstalling the Security Acceleration Module ("Uninstalling the Security Acceleration Module Tray" on page 14) Added show asset (on page 18) 21 August 2012 First release of this document Updated Monitoring the Security Acceleration Module Using the WebUI (on page 16) Updated show sam np # cpu-usage ("show sam np cpuusage" on page 20) Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=feedback on Security Acceleration Module Getting Started Guide).

Contents Important Information... 3 Introduction... 5 Welcome... 5 Overview of the 21000 Appliance... 5 Overview of the Security Acceleration Module... 5 Supported Line Cards... 6 Preparing the 21000 Appliance... 7 Security Acceleration Module Upgrade Kit Contents... 7 To prepare the 21000 Appliance:... 7 Installing Security Acceleration Module... 9 Installing the Security Acceleration Module Tray... 9 Configuring the Acceleration Ready Ports... 12 Uninstalling the Security Acceleration Module Tray... 14 Disabling Security Acceleration Module... 14 Removing the Security Acceleration Module Tray... 14 Installing the Placeholder Tray... 15 Verifying that Traffic is Accelerated... 15 Monitoring the Security Acceleration Module Using the WebUI... 16 Example SAM Monitor Page... 17 Monitoring Security Acceleration Module Hardware Health... 17 Monitoring the Security Acceleration Module Using the CLI... 18 show asset... 18 show sam connections summary... 19 show sam cpu-usage summary... 19 show sam np connections... 19 show sam np cpu-usage... 20 show sam status... 21 show sam summary... 21

Introduction Introduction Welcome Thank you for choosing Check Point s 21000 Appliance and the Security Acceleration Module. We hope that you will be satisfied with this system and our support services. Check Point products are the most up to date and secure solutions available today. Check Point also delivers worldwide educational, professional and support services through a network of Authorized Training Centers, Certified Support Partners and Check Point technical support personnel. We make sure that you get the most out of your security investment. For more about the Internet Security Product Suite and other security solutions, see the Check Point Web site (http://www.checkpoint.com), or call Check Point at 1(800) 429-4391. For more technical information about Check Point products, consult the Check Point Support Center (http://supportcenter.checkpoint.com). Welcome to the Check Point family. We look forward to meeting all of your current and future network, application and management security needs. Overview of the 21000 Appliance The Check Point 21000 Appliance models are ideally suited for securing medium to large data center environments and high-end enterprise networks. The 21000 Appliance models are purpose-built Security Gateways in a compact 2U form factor. The acceleration options extend firewall throughput up to 100 Gbps with significantly lower packet latency. The 21000 Appliance models remove complexity with central management of security protection services on one platform. With the Check Point security-leading Software Blades technology, these appliances can provide: VPN, IPS, Application Control, Mobile Access, Application and URL Filtering, DLP, Anti-Virus & Anti-Malware, Web Security and Anti-Spam & Email Security. The 21000 Appliance models are highly modular, for greater scalability and flexibility. Up to 36 I/O ports are available with the optional 12x1GbE copper and fiber (SFP) Network Interface Cards. For 10GbE network connectivity, an optional 4x10GbE fiber (SFP+) module is also available. This makes the 21000 Appliance ideal for demanding network environments, and for securing many different networks. The 21000 Appliance models deliver high serviceability and redundancy for these components that you can hot-swap: dual power-supplies, system fans, and dual hard-disk drive with RAID support. Accessories include NICs, memory upgrades and a LOM (Lights-Out Management) card module for out-of-band management. This appliance supports the SecurePlatform and Gaia Operating Systems. Gaia is a single, unified network security Operating System that combines the best of Check Point's SecurePlatform and IPSO, the operating system from the Nokia security products. Gaia supports the full portfolio of Check Point Software Blades, Security Gateway and Security Management products. For more about installing and using 21000 Appliance, see the appliance home page (http://supportcontent.checkpoint.com/solutions?id=sk68701). Overview of the Security Acceleration Module The Check Point Security Acceleration Module for the 21000 Appliance is designed to meet the needs of high-performance and low latency customer environments. Network security traffic can be offloaded from the general purpose CPU to the Security Acceleration Module, letting customers run many security functions in highly demanding network environments. Key features of the Security Acceleration Module: Designed for Low Latency Environments Ideal for transaction-oriented environments, the Security Acceleration Module delivers sub five micro-seconds of network latency, enabling security in highperformance environments with minimal latency. Security Acceleration Module Getting Started Guide 5

Supported Line Cards Purpose Built SecurityCore Technology With purpose-built hardware acceleration to improve the power of security processing, the Security Acceleration Module features 108 dedicated security cores for ultra-fast security performance. Maximum Security and Performance Offers maximum security and performance of business-critical applications, with up to 110 Gbps of firewall throughput and an overall system power boost to 2,900 SecurityPower Units in the 21000 Appliance. The Security Acceleration Module delivers 300,000 connections per second and a 9X forwarding rate, with up to 60 million packets per second. Supported Line Cards The 21000 Appliance front panel has three slots for Line Cards, also known as Network Interface Cards (NICs). The 10GbE SFP+ 4 port Acceleration Ready Line Card supports the Security Acceleration Module. Line Cards that support the Security Acceleration Module are labeled Acceleration Ready. These Line Cards are available for the 21000 Appliance: Item Line Card Security Acceleration Module Support 1 10GbE SFP+ Line Card, 4 Port 10 Gb Ethernet PCI-e line card for SFP+ transceivers No 2 1GbE SFP Line Card, 12 Port 3 1GbE Copper Line Card, 12 port 4 10GbE SFP+ Acceleration Ready Line Card, 4 Port 12 port 1Gb Ethernet PCI-e line card for SFP transceivers 12 port 1000BaseT PCI-e line card 10 Gb Ethernet Acceleration Ready line card No No Yes Security Acceleration Module Getting Started Guide 6

Preparing the 21000 Appliance Preparing the 21000 Appliance Important -We recommend that only experienced personnel install or remove hardware components. Installing or removing components incorrectly can permanently damage the appliance. Before you start to install or remove the Security Acceleration Module, make sure that: The rear of the appliance is accessible, either installed into a rack or on a bench top, with sufficient clearance behind the appliance to allow insertion of the Security Acceleration Module. You can connect to the WebUI or CLI to shut down the appliance. You have Acceleration Ready Line cards installed in the appliance. You have the Check Point Security Acceleration Module Upgrade Kit. Important - To protect the appliance and the Security Acceleration Module from electrostatic discharge damage, make sure that you are properly grounded before you touch any of the electronic components. Read the Health and Safety Information in the Check Point 21000 Appliance Getting Started Guide (http://supportcontent.checkpoint.com/solutions?id=sk23641) before you start to prepare the appliance. We recommend that you use the grounding wrist strap that is included in the upgrade kit. The grounding plug on the rear of the appliance provides a chassis grounding point. Security Acceleration Module Upgrade Kit Contents This guide - 21000 Appliance Security Acceleration Module Getting Started Guide Security Acceleration Module ESD grounding strap (anti-static) To prepare the 21000 Appliance: 1. Make sure that you can access the rear of the appliance. It can be installed into a rack or on a bench top. There must be sufficient clearance to insert the Security Acceleration Module tray into the rear of the appliance. 2. Connect to the appliance. To connect using the WebUI, connect a standard network cable to the appliance management interface (marked MGMT) and to your management network. Browse to https://<management IP address>. To connect using the CLI, use one of these ways: Connect a console cable to connect the front panel CONSOLE port to a computer, and open up a console window. Connect through SSH to the appliance management interface IP address using a terminal emulation program. Use the CLI window in the WebUI toolbar. 3. Enter your user name and password. 4. Shut down the appliance. Using the WebUI: In the Maintenance > Shut Down page, click Halt. Using the CLI: Run halt The appliance shuts down. Security Acceleration Module Getting Started Guide 7

5. From the rear of the appliance, press and hold the power switch to turn off the appliance. 6. Remove the power cords from the appliance. 7. Put on an ESD strap and attach the other end to a grounding point. 8. Use a Philips screwdriver and loosen the two retaining screws for the top tray. Preparing the 21000 Appliance 9. Pull the extraction handles for the top tray and remove the placeholder tray from the appliance. Note - The previous diagram shows the 21400 appliance. Item 1 Top tray with Security Acceleration Module 2 Bottom tray with the system board 3 Two retaining screws and extraction handles for the top tray 4 Grounding point for ESD strap Security Acceleration Module Getting Started Guide 8

Installing Security Acceleration Module Installing Security Acceleration Module This workflow shows how to install Security Acceleration Module in an appliance. For new appliances and clean installations, make sure that you configure the SAM interfaces after you complete the First Time Configuration Wizard. 1. Prepare the appliance ("Preparing the 21000 Appliance" on page 7). 2. Install the Security Acceleration Module tray in the appliance ("Installing the Security Acceleration Module Tray" on page 9). 3. Turn on the appliance. 4. For a clean installation of the supported version of the Gaia operating system, run the First Time Configuration Wizard. 5. Configure Security Acceleration Module on the interfaces ("Configuring the Acceleration Ready Ports" on page 12). 6. Reboot the appliance. Installing the Security Acceleration Module Tray Item 1 The tray is labeled Security Acceleration Module. 2 Cooling fans. The Security Acceleration Module fan units are redundant. If a fan fails, it can be replaced. 3 Memory sockets with DIMMs installed. The memory is replaceable. Security Acceleration Module Getting Started Guide 9

Installing Security Acceleration Module To install the Security Acceleration Module: 1. From the rear of the appliance, push the Security Acceleration Module tray into the top slot. 2. Make sure that there is no space between the top and bottom tray. 3. Tighten the two top retaining screws to make sure that the top tray is securely installed. Security Acceleration Module Getting Started Guide 10

Installing Security Acceleration Module To make sure the Security Acceleration Module is installed correctly: 1. Make sure there is no space between the extraction handles and the rear panel. 2. Connect the power cords to the appliance. The appliance turns on. 3. Use a serial cable to connect the front panel CONSOLE port to a computer. 4. Connect to the appliance with a terminal emulation program such as Microsoft HyperTerminal or PuTTY. 5. When the appliance is ready, log in. 6. Run the command show sam status The appliance shows this message: OK All NPs are in running state If the response is not OK, reboot the appliance one or more times. If there is still a problem, contact Technical Support. Security Acceleration Module Getting Started Guide 11

Installing Security Acceleration Module Configuring the Acceleration Ready Ports 1. Connect to the appliance To connect using the WebUI, connect a standard network cable to the appliance management interface (marked MGMT) and to your management network. Browse to https://<management IP address>. To connect using the CLI, use one of these ways: Connect a console cable to connect the front panel CONSOLE port to a computer, and open up a console window. Connect through SSH to the appliance management interface IP address using a terminal emulation program. Use the CLI window in the WebUI toolbar. 2. Enable acceleration for appliance network interfaces on an acceleration enabled Line Card. Use the WebUI or the CLI. 3. Reboot the appliance. To enable acceleration on an interface with the WebUI: 1. In the WebUI, open the Network Management > Network Interfaces page. Column Name SAM The name of the appliance interface. Line Card slots are numbered from 1 on the top to 3 on the bottom. The interface ports are numbered from 1, left to right. For example, for a 12-port card the ports are numbered 1 on the left to 12 on the right. The interface eth1-02 is the second port from the left in the top Line Card. For Acceleration Enabled Line Cards: If the appliance interface is enabled for acceleration (Yes or No). For other Line Cards, the value is blank. 2. Select the interface and click Edit. The Edit <interface name> window opens. 3. Select the SAM tab. Security Acceleration Module Getting Started Guide 12

Installing Security Acceleration Module 4. Select Enable SAM Mode 5. Click OK. 6. Do steps 2-5 again for each interface that accelerates traffic. 7. Go to the Maintenance > Shut Down page. 8. Click Reboot. To enable acceleration on an interface with the CLI: From the CLI, run these commands: set interface <if_name> sam-mode on save config reboot Syntax Enable or disable an appliance interface for acceleration by the Security Acceleration Module set interface <if_name> sam-mode {on off} Parameters Parameter <if_name> The name of the appliance interface. Line Card slots are numbered from 1 on the top to 3 on the bottom. The interface ports are numbered from 1, left to right. For example, for a 12-port card the ports are numbered 1 on the left to 12 on the right. The interface eth1-02 is the second port from the left in the top Line Card. Example Comments sam-mode {on off} set interface eth1-04 sam-mode on If the appliance interface is enabled for acceleration. You must save the configuration and reboot the appliance after running this command. Security Acceleration Module Getting Started Guide 13

Uninstalling the Security Acceleration Module Tray Uninstalling the Security Acceleration Module Tray The Security Acceleration Module is in the top slot of the appliance. If it is necessary to use the appliance without the Security Acceleration Module, then you must install the placeholder tray in the top slot. This workflow shows how to remove Security Acceleration Module from an appliance and install the placeholder tray. 1. Disable Acceleration mode on the appliance ("Disabling Security Acceleration Module" on page 14). 2. Remove the Security Acceleration Module tray from the appliance ("Removing the Security Acceleration Module Tray" on page 14). 3. Install the placeholder tray ("Installing the Placeholder Tray" on page 15). 4. Turn on the appliance. Disabling Security Acceleration Module Disable Acceleration Mode on the appliance before you remove the Security Acceleration Module tray. To disable Security Acceleration Module with the WebUI: 1. Use an Internet browser to connect to the appliance. 2. Log in to the appliance. 3. For each SAM interface do these steps: a) In the WebUI, click Network Management > Network Interfaces. b) Select the SAM interface and click Edit. c) Select the SAM tab. d) Clear Enable SAM Mode. e) Click OK. A window opens and tells you to reboot the appliance after you configure all the SAM interfaces. 4. Shut down the appliance, in the Maintenance > Shut Down page, click Halt. 5. From the rear of the appliance, press and hold the power switch to turn off the appliance. To disable Security Acceleration Module with the CLI: 1. From the CLI, run these commands: set interface <if_name> sam-mode off save config halt The appliance shuts down. 2. From the rear of the appliance, press and hold the power switch to turn off the appliance. Removing the Security Acceleration Module Tray Make sure that the appliance is turned off and that the rear of the appliance is accessible. Important - Only use the appliance when the Security Acceleration Module or the placeholder tray is in the upper slot to make sure the appliance is cooled correctly. To remove the Security Acceleration Module tray: 1. Remove the power cords from the appliance. 2. Use a Philips screwdriver and loosen the two retaining screws for the top tray. 3. Pull the extraction handles for the top tray and remove the Security Acceleration Module tray from the appliance. Security Acceleration Module Getting Started Guide 14

Verifying that Traffic is Accelerated Installing the Placeholder Tray To install the placeholder tray: 1. From the rear of the appliance, slide the placeholder tray into the top slot. 2. Make sure that there is no space between the upper tray and bottom tray. 3. Tighten the two retaining screws to make sure that the top tray is securely installed. 4. Make sure there is no gap between the extraction handles and the rear panel. 5. Make sure that the placeholder tray is installed correctly. a) Connect the power cords to the appliance. The appliance turns on. b) Make sure that the LCD screen shows the appliance model. Verifying that Traffic is Accelerated Verify that the traffic through the Acceleration Ready Line Card ports is accelerated by monitoring the acceleration LED. Line Card LEDs Item 1 Activity OFF - No Activity Slow Blink (Amber) - Activity Security Acceleration Module Getting Started Guide 15

Monitoring the Security Acceleration Module Using the WebUI Item 2 Link OFF - No Link ON (Green) - Link 3 Accelerated Port OFF Port served by the appliance motherboard without acceleration ON (Blue) Port served by Security Acceleration Module Monitoring the Security Acceleration Module Using the WebUI You can monitor the core usage and number of connections per core in the Security Acceleration Module. Traffic from the network interfaces is distributed to the NP (Network Processors). To monitor the Security Acceleration Module using the WebUI: 1. Connect to the WebUI. 2. Open the Network Management > SAM Monitor page. The three bar graphs at the top of the page show the number of cores with High, Medium and Low core load for each NP. 3. Click on an NP bar graph. The bar graphs at the bottom of the page, in the Detailed Core Information section, show the details for that NP. 4. In the Detailed Core Information section, Click the Usage tab. The graph shows the percentage usage of the cores. Cores with Low, Medium and High loads are shown by color. Each of the cores in the NP is identified by number. 5. Click the Connections tab. The graph shows the connections handled by the cores, compared to the average over all the cores. Cores with Low, Medium and High numbers of connection are shown by color. Each of the cores in the NP is identified by number. 6. Click the Table tab. The table shows usage and connection data per core. To download the data to a text file, click Download SAM Data and then click Generate Text file. To configure range divisions for graphs: Usage Range Divisions - Select the range boundary values to define Low, Medium and High core load. Connections Range Divisions Select the range boundary values to define Low, Medium and High core connections, relative to the average. Security Acceleration Module Getting Started Guide 16

Monitoring the Security Acceleration Module Using the WebUI Example SAM Monitor Page Monitoring Security Acceleration Module Hardware Health You can monitor the: Temperature of the Security Acceleration Module. Temperatures of the Network Processors. Fan speed. Major voltages. To monitor the Security Acceleration Module hardware health using the WebUI: 1. Connect to the WebUI. 2. Open the Maintenance > Hardware Health page. Security Acceleration Module Getting Started Guide 17

Monitoring the Security Acceleration Module Using the CLI Monitoring the Security Acceleration Module Using the CLI You can monitor the core usage and number of connections per core in the Security Acceleration Module. Traffic from the network interfaces is distributed to the NP (Network Processors). To monitor the Security Acceleration Module Using the CLI: 1. Connect to the CLI. 2. To see available monitoring commands, run show sam <TAB> and press Enter. These commands are available: show sam connections show sam cpu-usage show sam np # connections show sam np # cpu-usage show sam status show sam summary show asset Shows a summary of the hardware components that are installed on the appliance. Each memory slot has two DIMMs. The following example shows a Security Acceleration Module that is upgraded to 24 GB of memory. Syntax > show asset all Example SAM> show asset all Platform: G-50 Model: Check Point 21400 Serial Number: To Be Filled By O.E.M. CPU Frequency: 2400.183 Number of disks: 2 Disk 1 Model: ABC 1234 Disk 1 Capacity: 500 GB Disk 2 Model: ABC 5678 Disk 2 Capacity: 500 GB Sam Present: Yes Sam CPLD Version: 4 Sam Serial Number: Sam Total Memory: 23.7 GB Slot 1 Memory: 7.92 GB Slot 2 Memory: 7.92 GB Slot 3 Memory: 7.92 GB Security Acceleration Module Getting Started Guide 18

Monitoring the Security Acceleration Module Using the CLI show sam connections summary Shows a summary of the connections through the Security Acceleration Module, for each of the three network processors. Syntax > show sam connections summary Example SAM> show sam connections summary NP Total Connections on NP NP #1 384 NP #2 384 NP #3 384 show sam cpu-usage summary Shows a summary of core CPU usage on the network processors of the Security Acceleration Module Syntax > show sam cpu-usage summary Example SAM> show sam cpu-usage summary CPU Usage Summary on Network Processors Mean 34.2% (on 105 cores) Usage Cores Percentage 0-30% 2 6% 30-70% 96 91% 70-100% 3 3% show sam np connections Shows the number of connections on one of the three network processors (NP) in one of these views: Grid, Summary, Top, and Top 10. Syntax show sam np <num> connections {grid summary top <top num> top-10} Parameter <num> <top num> Number of network processor Top number of connections on one of the three network processors Examples SAM> show sam np 1 connections grid Cores Current Connections 0-5 0 0 8 8 8 8 6-11 8 8 8 8 8 8 12-17 8 8 8 8 8 8 18-23 8 8 8 8 8 8 24-29 8 8 8 8 8 8 30-35 8 8 8 8 8 - Global Connections 0 (not associated with any core) Security Acceleration Module Getting Started Guide 19

SAM> show sam np 2 connections summary Connections Count Summary on Network Processor #2 Total 256 (including global) Global 0 Mean 7.8 (on 33 cores, excluding global) Connections Cores Percentage < 8 1 3% >=8 32 97% SAM> show sam np 1 connections top 4 Core Current Connections 3 8 4 8 5 8 6 8 (4 out of 33 values shown) show sam np cpu-usage Monitoring the Security Acceleration Module Using the CLI Each of the three CPUs contains 36 cores. Security Acceleration Module uses 35 cores on each CPU for data processing. Shows the CPU usage on one of the three network processors (NP) in one of these views: Grid, Summary, Top, and Top 10. Syntax show sam np <num> cpu-usage {grid summary top <top num> top-10} Parameter <num> <top num> Number of network processor Top number of connections on one of the three network processors Examples SAM> show sam np 1 cpu-usage grid Cores CPU Usage Percent 0-5 0 0 71 35 36 36 6-11 35 35 35 35 36 36 12-17 36 35 35 35 36 35 18-23 3S 35 35 35 36 35 24-29 35 35 34 36 35 35 30-35 35 35 35 35 36 - SAM> show sam np 1 cpu-usage summary CPU Usage Summary on Network Processor #1 Mean 34.1% (on 35 cores) Usage Cores Percentage 0-31% 2 6% 30-70% 32 91% 70-100% 1 3% SAM>show sam np 1 cpu-usage top-10 CPU Usage Percent 2 71 4 36 5 36 11 36 34 36 3 35 6 35 7 35 8 35 9 35 (10 out of 35 values shown) Security Acceleration Module Getting Started Guide 20

show sam status Monitoring the Security Acceleration Module Using the CLI Shows a summary of the connections through the Security Acceleration Module, for each of the three network processors. Syntax Example Comments Shows whether the Network Processors are working. show sam status SAM> show sam status OK All NPs are in running state If the response is not OK, reboot the appliance one or more times. If there is still a problem, contact Technical Support. show sam summary Syntax Shows a summary of: CPU usage on network processors The number of connections on each network processor > show sam summary Example SAM> show sam summary CPU Usage Summary on Network Processors Mean 34.2% (on 105 cores) Usage Cores Percentage 0-30% 6 6% 30-70% 96 91% 70%-100% 3 3% NP Total Connections on NP NP #1 384 NP #2 384 HP #3 384 Security Acceleration Module Getting Started Guide 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback