On Tue, 4 Sep 2007, cisco4ng wrote:
I have a question for checkpoint flood-gate gurus in the forum.
I have NG AI R55 with HFA_20 running on SPLAT enforcement
module. This module is being managed from a Provider-1 NG
AI R55 with HFA_20. I have single firewall at the moment
but I configure ClusterXL on this firewall because I will
add a second firewall for Active/Active very soon. Everything
is working so far.
I also have Floodgate on the SPLAT enforcement. I have
3 floodgate rules (including the default rule):
1) Any Any ssh weigh_70
2) Any Any FTP weigh_15
3) Any Any any weigh_10
I have this setup "per rule" ONLY.
Isn't weight done based on the rules? So you had 3x 16Mb/s = 48Mb/s on
rule 1.
When you started ftp the balance becomes:
SSH: 3x 10Mb/s = 30 Mb/s
FTP: 1x 20Mb/s = 20 Mb/s
So SSH as set still outweighs FTP as set.
Can you test this again with equal numbers of FTP and SSH sessions? Say 3
or 5 ssh and as many ftp sessions.
Hugo.
--
[EMAIL PROTECTED] http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.
Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for this quote of George Bernard Shaw.)
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
