I had this same question and posed it to Nokia. I'm running an IP530 with 256 RAM on NGAI R55 HFA_03 at the time. Here is the info that nokia sent me.
Dear Rick Quick, Unfortunately there isn't a guide or chart that will show how much RAM will be used based on the number of users or connections because this will vary quite alot depending on a number of factors. The best way to monitor the RAM usage would be to keep an eye on the % used. If it starts going over 95% that could indicate a problem or lack or RAM. Also keep an eye on the swap space used. Swap space will only be used if the physical memory is being over used or it can't release enough of it to support what needs it at that time. It will be normal to see it being used but if it starts using alot of swap space then that could also indicate a problem or lack of memory. The command to view the swap space is either swapinfo or pstat -ks. You can view and update your case by logging onto the Nokia Support Web at https://support.nokia.com or by replying to this email. Please do not edit the subject or reply-to fields of your email response. Thank you, Craig Nokia Technical Support -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Warrington Bruce - bwarri Sent: Friday, August 26, 2005 7:24 PM To: [email protected] Subject: Re: [FW-1] Question on memory usage for Nokia firewalls Most of the RAM is shown as used even if it's just used for caching, which kind of makes the statistics you get back from those checks not as useful as you'd like. Still, 256 MB is the absolute minimum, and at this point (if you're running the latest versions of IPSO / Checkpoint) I normally consider 512 MB to be the smallest I'd normally buy for a modest company installation (More than a SOHO type install). As you add more memory, you may also have to modify some parms for your CP install to make use of it, as some tables are limited by software and will top out even though you have the extra available memory (and usually complain in the logs, etc). About all I've seen from Nokia is tables like this from the release notes for IPSO (sorry if the formatting stinks in text mode): Check Point Maximum Maximum DRAM maximum conn conn w/ Web Intel Hash table size Mem pool sz mem pool size ------------------------------------------------------- 256 MB 36,000 0 2 MB 48 MB 64 MB 512 MB 135,000 50,000 4 MB 196 MB 256 MB 1 GB 360,000 140,00 8 MB 400 MB 512 MB 2 GB 725,000 325,000 16 MB 800 MB 900 MB Bruce -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Fire Wall Sent: Friday, August 26, 2005 15:28 To: [email protected] Subject: [FW-1] Question on memory usage for Nokia firewalls Greetings: I've noticed that all of my Nokia firewalls are running at about 90-95% for memory usage. The load is very low on these firewalls, and some of them are hardly even active. Yet all of them report very small amounts of free memory. Here's an example: Memory Utilization (KBs) Total Real Memory 262144 Active Real Memory 251264 Free Memory 10880 This tells me that out of 262,144 Bytes (256 Megs of RAM), I only have 10.6 Megs of free memory. Now this is on the inactive node of a VRRP cluster, so it's not passing any traffic. The Load is very low at 0.26. Is this normal behavior is am I having some sort of memory issue here? TIA TJ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ************************************************************************ ** The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please resend this communication to the sender and delete the original message or any copy of it from your computer system. Thank You. ************************************************************************ ** ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
