Howabout upgrading first of all to 4.1 sp2 (CP2000) and then
benchmark. Then the list may be able to help you
-----Original Message-----
From: Jon
R. Allen [mailto:[email protected]]
Sent: Monday, September 25, 2000 7:19 PM
To: [email protected]
Subject: [FW1] Sun Checkpoint Performance
I would like to compare firewall performance levels with other
people to
see if the rates we are experiencing are
"normal". I manage a pair of
Sun Ultra E3500
firewalls each connected to a burstable-T3. Each firewall
has a pair of 250Mhz CPUs, 512M of memory, and is connected to
full-duplex
100Mbps switches. The OS level is
Solaris 2.6 and the Checkpoint is 3.0B.
Even though each link has 45Mbps capacity, we seem to topping
out in
the 6-7Mbps range. The systems have been
tuned and tweaked and nothing
seems to indicate a
"tuning" or resource problem. The firewalls have about
40 firewall rules and about 10 address translation rules.
Using a traffic generator I tried to do some throughput
testing.
Transmitting
small
packets, I can drive the performance at about 2Mbps, but with large
packets I can drive performance in the 15mbps range.
During the busy times
of the day the average packet
size is quite small, so this seems to agree
with the
testing.
Do other people with similar setups see similar rates?
Management believes
that the E3500 boxes should be
able to drive the T3 links much higher than
6Mbps.
Therefore I would like to see what transmission rates other people
are
seeing. Does the trunking
feature help performance? How about switching
from E3500 to something like E220? Any info would be appreciated.
Thanks.
-Jon
================================================================================
To unsubscribe from this mailing
list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================