Check Point - View/Analyze Firewall Statistics - CLI

Check Point - View/Analyze Firewall Statistics - CLI

"fw ctl pstat" command helps to view and analyze firewall statistics - System Capacity Summary, Hash kernel memory (hmem) statistics, System kernel memory (smem) statistics, Kernel memory (kmem) statistics, Cookies, Connections, Fragments, NAT and Sync.

Syntax:  

fw ctl pstat


Example:



CheckPoint-Firewall-1>
CheckPoint-Firewall-1>
CheckPoint-Firewall-1> fw ctl pstat

System Capacity Summary:
  Memory used: 10% (906 MB out of 8995 MB) - below watermark
  Concurrent Connections: 14711 (Unlimited)
  Aggressive Aging is not active



Hash kernel memory (hmem) statistics:
  Total memory allocated: 939524096 bytes in 229376 (4096 bytes) blocks using 1 pool
  Total memory bytes  used: 110964304   unused: 828559792 (88.19%)   peak: 275797876
  Total memory blocks used:    29754   unused:   199622 (87%)   peak:    69041
  Allocations: 2973292326 alloc, 0 failed alloc, 2972371604 free

System kernel memory (smem) statistics:
  Total memory  bytes  used: 1562014700   peak: 1637268168
  Total memory bytes wasted: 19268533
    Blocking  memory  bytes   used:  9323456   peak: 10206048
    Non-Blocking memory bytes used: 1552691244   peak: 1627062120
  Allocations: 3531743 alloc, 0 failed alloc, 3522718 free, 0 failed free
  vmalloc bytes  used: 1535613668 expensive: no

Kernel memory (kmem) statistics:
  Total memory  bytes  used: 730416708   peak: 903400200
  Allocations: 2976731264 alloc, 0 failed alloc
               2975804540 free, 0 failed free
  External Allocations: 0 for packets, 87249934 for SXL

Cookies:
        616785959 total, 0 alloc, 0 free,
        159 dup, 1858687205 get, 970255 put,
        620791859 len, 666 cached len, 0 chain alloc,
        0 chain free

Connections:
        1104181 total, 136685 TCP, 967119 UDP, 94 ICMP,
        283 other, 0 anticipated, 0 recovered, 14711 concurrent,
        24758 peak concurrent

Fragments:
        2268 fragments, 1068 packets, 0 expired, 0 short,
        0 large, 0 duplicates, 0 failures

NAT:
        36620/0 forw, 1/0 bckw, 1 tcpudp,
        0 icmp, 9407-22585774 alloc

Sync:
        Version: new
        Status: Able to Send/Receive sync packets
        Sync packets sent:
         total : 23536733,  retransmitted : 7941, retrans reqs : 4806,  acks : 10007
        Sync packets received:
         total : -461197207,  were queued : 13052, dropped by net : 8667
         retrans reqs : 3578, received 64567 acks
         retrans reqs for illegal seq : 0
         dropped updates as a result of sync overload: 3044

CheckPoint-Firewall-1>
CheckPoint-Firewall-1>

Comments

Popular posts from this blog

Download IOS Image for Router

tcpdumps in Checkpoint Firewall