[FW-1] Question about Floodgate

Tue, 04 Sep 2007 08:10:40 -0700 

I have a question for checkpoint flood-gate gurus in the forum.
   
  I have NG AI R55 with HFA_20 running on SPLAT enforcement
module.  This module is being managed from a Provider-1 NG 
AI R55 with HFA_20.  I have single firewall at the moment
but I configure ClusterXL on this firewall because I will
add a second firewall for Active/Active very soon.  Everything
is working so far.
   
  I also have Floodgate on the SPLAT enforcement.  I have
3 floodgate rules (including the default rule):
  1)  Any  Any  ssh   weigh_70  
2)  Any  Any  FTP   weigh_15
3)  Any  Any  any   weigh_10
  I have this setup "per rule" ONLY.
   
  All interfaces on the SPLAT box is Fast-Ethernet full-duplex.
   
  I open three Secure Copy (SCP) sessions from a host behind
the firewall to three different SSH servers outside
the firewall (I control those ssh servers) and one FTP session 
from the same host to an external FTP server (I control this
FTP server as well).
   
  I started downloading via scp from the ssh sessions a 100MB 
file size.  All three scp sessions, I am getting about 16Mbps
download each.  Immediately after starting the secure copy 
session, I started the FTP session.  Much to my amazement,
I am getting about 20Mbps download with FTP.  At the same
time, I am seeing my secure copy session going down from
16mbps to 10mbps on all three of them.  
   
  With Floodgate, I thought my ssh traffics are getting
a much higher priority than FTP traffics.  If that is true,
then how come my FTP traffics throughput is higher than
my ssh traffics,and that when FTP is going on, it takes away
bandwith from my SSH traffics. 
   
  Can some explain this?  Thanks.

       
---------------------------------
Be a better Heartthrob. Get better relationship answers from someone who knows.
Yahoo! Answers - Check it out. 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to