Firewall Performance question

I have a pair of Sun X4200-M2 running NGx R65 2.6 kernel in Active/Standby ClusterXL. These Sun boxes have 4GB RAM on each box. I have about 200 rules in the security policy with about 2000 objects.

I have 12 Dell Servers 2950-III, 8GB RAM with dual quad-core processors, 6 servers behind the firewalls and 6 servers outside of the firewall. Everything is connected to a Cisco Catalyst 3750 24-port 10/100/1000.

According to the diagram, when I fired Iperf clients x, y and z to hit Iperf servers 1, 2 and 3, respectively, I could see the Active firewall handle 1Gbps throughput. That's the good part. However, when I fire Iperf clients 4, 5 and 6 to hit Iperf servers A, B and C, I could see the traffic on the External interface of the Active firewall dropped to 500Mbps received and 700Mbps transmitted. I know that WITHOUT firewalls, my Catalyst can handle > 1Gbps easily both ways.

My question is this: are these firewalls capable of handling >1Gbps throughput, or is it just a marketing ploy by Checkpoint? I am not interested in connections per second, only in firewall throughput. From what I can observe, the Sun X4200-M2 cannot handle >1Gbps throughput. Am I wrong here?