Thread: Firewall Performance question
View Single Post
  #2 (permalink)  
Old 2008-05-04
chillyjim chillyjim is offline
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,603
Rep Power: 4
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: Firewall Performance question
There is a lot of things that can effect firewall throughput. My guess is that peak performance on a X4200 would be about 80% of the interface speed. After that point the firewall's rules and other processing come into play. There are a lot of tunning "tricks" to improve performance including the use of more interfaces (Yes this is a real PIA for most designs) and rule-base optimization with SecureXL.

I'm assuming this is on a lab environment, so to get a base line, load a gateway with Solaris X86 and enable routing to see how much throughput you have there (You can load a Linux build for this too if you know how).

Then try your test with one gateway and an "Any Any Accept No-log" rule. That will give you the baseline for the FW's throughput (This is also how all firewall throughput is reported, not just Check Point's).

As for can you get better than a Gbps through a X4200, yes if you have more than one pair of interfaces going.
Reply With Quote