TRAINING‎ > ‎COURSES‎ > ‎

SecureXL and CoreXL Balancing


  
 
 
CourseSecureXL and CoreXL Balancing
Description

SPLAT and GAIA have several facilities for tuning firewall performance:

  1. SecureXL - Increase the efficiency of rule processing
  2. CoreXL - Distribute processing in a multi-CPU environment
This course first explores the detailed aspects of the Linux architecture that supports SPLAT and GAIA firewall modules. Then the course explores the details of SecureXL and CoreXL for both Next Generation Firewall (NGF) and VSX.  Then the course finishes up with hints on how to tune and debug the overall Linux kernel, Firewall kernel, SecureXL tuning and CoreXL tuning.


Hours

1 day - 8 hours

 Outline
  1. Overview - Course Overview
  2. Linux Overview - A very detailed review of the internals of the  LInux kernel and how it supports SPLAT and GAIA. Specifically we review process management, network processing and interrupt handling.
  3. SecureXL - Detailed review of the SecureXL implementation for both NGF and VSX
  4. CoreXL - Detailed review of the CoreXL implementation for both NGF and VSX and how to balance network interfaces, kernel threads, kernel helpers and Linux processes in a multi-processor environment.
  5. Tuning Tips - Tuning and debug tips for both CoreXL and SecureXL at the kernel level and architecture level.

Labs

This course has instructor led demonstrations of all the key tuning components.

Prerequisites
  1. Mandatory
    1. TCP/IP basics
    2. 2+ years of CheckPoint firewall admin
    3. 2+ years of SPLAT/GAIA CLI debugging
    4. Familiarity with some Unix commands
  2. Helpful
    1. Familiarity with programming; stacks, heaps, functions
    2. Operating system internals; Virtual memory, user/kernel space, device drivers
    3. Linux internals
Materials
  1. Powerpoint slides - Provided
Comments