Re: [FW1] Sun Checkpoint Performance

Tue, 26 Sep 2000 12:59:08 -0700 


We are running with a pair of Sun Ultra 10s - 440MHz - 512 MB running FW-1 
V4.0 SP7.  We are not using NAT or any CVP but we do log every connection.  
At 100 mpbs traffic (35 mbps outbound, 65 mbps inbound) the boxes are 
running about 60% busy.  85-90% of the traffic is http related.  My list of 
things to do has adding a third box to handle any single box failure.   Hope 
this helps.

./CK


>From: "Jon R. Allen" <[EMAIL PROTECTED]> wrote on
>Date: Mon, 25 Sep 2000 22:18:37 -0400
>
>
>I would like to compare firewall performance levels with other people to
>see if the rates we are experiencing are "normal".  I manage a pair of
>Sun Ultra E3500 firewalls each connected to a burstable-T3. Each firewall
>has a pair of 250Mhz CPUs, 512M of memory, and is connected to full-duplex
>100Mbps switches.  The OS level is Solaris 2.6 and the Checkpoint is 3.0B.
>
>Even though each link has 45Mbps capacity, we seem to topping out in
>the 6-7Mbps range.  The systems have been tuned and tweaked and nothing
>seems to indicate a "tuning" or resource problem.  The firewalls have about
>40 firewall rules and about 10 address translation rules.
>
>Using a traffic generator I tried to do some throughput testing.
>Transmitting
>small packets, I can drive the performance at about 2Mbps, but with large
>packets I can drive performance in the 15mbps range.  During the busy times
>of the day the average packet size is quite small, so this seems to agree
>with the testing.
>
>Do other people with similar setups see similar rates?  Management believes
>that the E3500 boxes should be able to drive the T3 links much higher than
>6Mbps. Therefore I would like to see what transmission rates other people
>are
>seeing.  Does the trunking feature help performance?  How about switching
>from E3500 to something like E220? Any info would be appreciated.  Thanks.
>
>-Jon
>


_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 
http://profiles.msn.com.



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to