Thanks everyone for your input. I am going to try with http and ftp (instead of ftp and scp, even though all of my clients and servers are Linux/solaris with 2GB of RAM and dual 3.2 Ghz CPU boxes).
Yes, I realize that this is a small scale; however, I would think that in a small test scale environment, the result should reflect what I see in floodgate. I will try it again and post the result. Thanks again. Warrington Bruce - bwarri <[EMAIL PROTECTED]> wrote: I think part of your results are just due to your test lab setup. First I'd say try to force the NIC and switch settings down to 10Mb full duplex for that small of a throughput test, so you're total traffic exceeds the available bandwidth, and see if QOS doesn't do more of what you expect it to. You might also try comparing an FTP transfer to an HTTP transfer, since scp is known to throttle itself due to it's CPU based encryption, and is more likely to skew results if either the client or the server has any CPU change in load during your test. Just a guess when trying to lab test something on a small scale like that - you may not be getting the same results you'd get if it was running a full load in production. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of cisco4ng Sent: Tuesday, September 04, 2007 10:49 To: [email protected] Subject: Re: [FW-1] Question about Floodgate Hi, Yes, I checeked QoS at the network topology. I have everything set to 100Mbps because everything is connected to a Cisco 2950 Catalyst switch. I have this setup in my lab environment. I still have issues. Please help. Thanks. Pedro Boavida wrote: Hi, Did you checked wich interface has QoS at the network topology ? Best regards, -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of cisco4ng Sent: terça-feira, 4 de Setembro de 2007 15:59 To: [email protected] Subject: [FW-1] Question about Floodgate I have a question for checkpoint flood-gate gurus in the forum. I have NG AI R55 with HFA_20 running on SPLAT enforcement module. This module is being managed from a Provider-1 NG AI R55 with HFA_20. I have single firewall at the moment but I configure ClusterXL on this firewall because I will add a second firewall for Active/Active very soon. Everything is working so far. I also have Floodgate on the SPLAT enforcement. I have 3 floodgate rules (including the default rule): 1) Any Any ssh weigh_70 2) Any Any FTP weigh_15 3) Any Any any weigh_10 I have this setup "per rule" ONLY. All interfaces on the SPLAT box is Fast-Ethernet full-duplex. I open three Secure Copy (SCP) sessions from a host behind the firewall to three different SSH servers outside the firewall (I control those ssh servers) and one FTP session from the same host to an external FTP server (I control this FTP server as well). I started downloading via scp from the ssh sessions a 100MB file size. All three scp sessions, I am getting about 16Mbps download each. Immediately after starting the secure copy session, I started the FTP session. Much to my amazement, I am getting about 20Mbps download with FTP. At the same time, I am seeing my secure copy session going down from 16mbps to 10mbps on all three of them. With Floodgate, I thought my ssh traffics are getting a much higher priority than FTP traffics. If that is true, then how come my FTP traffics throughput is higher than my ssh traffics,and that when FTP is going on, it takes away bandwith from my SSH traffics. Can some explain this? Thanks. --------------------------------- Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- Choose the right car based on your needs. Check out Yahoo! Autos new Car Finder tool. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ************************************************************************* The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please resend this communication to the sender and delete the original message or any copy of it from your computer system. Thank you. ************************************************************************* ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos & more. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
