[rgupta]

We had recent issuses related to CPU spikes caused by http security server on a Nokia firewall integrated with websense. We disabled Websense and just ran a plain vanilla HTTP Resource and found the same performance issues as soon as the connections hit around 3500 value. Made all possible tweaks to enhance performance both at buffers/IPSO's TCP/IP stack level with SmartDefense disabled but no relief. Opened tickets with Nokia and Check Point. Both ran various tests, upgrading firewall to a better hardware/including Splat. Nokia ran the tests on IPSO 1260 and as soon as the connections hit 3500, they indeed started to see CPU spikes to 90% and above.

Has anyone seen any better performance with more than 3500 connections passing through the HTTP security server? What is the performance wrt client/user auth security server or for that matter a cvp security server? Any experiences shared would help us design better solutions for our customers.

Thanks.