Hello,
I'm in trouble with limit performance testing .
It seems to me NGX R62 on SunFire T2000 must be a performance bottleneck.
After more than 420TPS is loaded, the FW1 starts to reply "REJECT"(TCP RST)
to origin servers increasingly. There is no REJECT in policy rules and
configurations. What does the FW1 detect for REJECT response?
The origin servers never send wrong packets. I checked all capture data
on the origin servers.
Let me know if you have any idea.
Thank you,
--shiba
Performance result:
FireWall-1: ON OFF
Performance: 420TPS 1000TPS <-- **
CPU usage : 40% 30%
Connections: 30,000 30,000
Platform : SunFire T2000 Solaris10(01/06)
CPU:T1(8core) 1.2GHz x1, 16GB Memory
NIC: ipge(FireEngine) 100Mbps
FireWall-1 : NGX R62
Application : Apache2.0 (Proxy)
LoadGenerator: Avalanche
(Avalanche) <==> (FW1 on SunFireT2000) <==> (Origin Server on SunFire T2000
x2)
FW1 Configuration
- Policy Rules : 10
- Smart Defense: OFF
- Max Concurrent Connection: 100,000
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
