Troubleshooting guide
Chapter 7 Troubleshooting Security Servers and Content Security
Troubleshooting Security Server Performance problems
Advanced Technical Reference Guide 4.1 • June 2000 63
Troubleshooting Security Server Performance problems
Where there are problems with the HTTP security server and attempts to troubleshoot the problem have been
unsuccessful, it is worth testing the configuration to determine which object is responsible for the slowing down
and blocking of the HTTP security CVP servers, and the reason why.
It is also possible to generate debug information that can be sent to Check Point Support for analysis.
The following test plan was developed for a scenario where, the HTTP security server with a WebSense CVP
server on a loaded network slowed down or became blocked, while other connections worked well.
Test Plan
Diagram of the Environment
Figure 1. Test environment for solving Security Server performance problems
The environment involved the following objects: 2 Solaris machines, a VPN/FireWall
module, HTTP security servers, and a CVP server.
Requirements for the test
1. Separate the VPN-1/FireWall-1 and CVP servers.
2. Monitoring tools like: top, snoops, logs or accounts, and easy access to the objects involved
Solaris machineSolaris machine
FW-1
Security
Server
CVP
Server
HTTP + other connections
Outgoing connections