CP Throughput

[jcdavisi]

We have just upgraded our internet pipe from 5mbps to 100mbps. When I place a laptop in front of the CP FW and do a speed check from one of the internet speed check websites, it reads about 20mbps (that's another issue). If I place the laptop behind the CP FW and do the same speed check I get like 5mbps. I'm running CP FW on a Windows 2000 server with 100mb NICs. I've talked to CP support and up to this point they have not been able to determine what is going on.
Any help or explanation for this would be greatly appreciated.
Thanks.
Jim

[Lackie]

You can try and disable all of the http checks in smartdefense. This may be causing a bottleneck.

[dr-spoof]

I would try this out just for kicks.

http://speedtest.umflint.edu/

Check DNS settings, better yet turn it off it it's on to test and check CPU loads on the host.

You could turn off the fw and test again if it's slow then it's not the fw maybe a bad ciruit or ethernet connection.

[chillyjim]

Don't use windows for the gateway OS, its a boatload slower than SPLAT

[Sergej]

Are you using FloodGuard and did not update interface bandwidth settings?
What is the CPU utilization of you gateway?
What is CheckPoint version?
Try to check bandwidth from inside of the Gateway.
Disable all SmartDefence checks and try one more time.

[bkilcoyne]

I to have seen this behavior. I moved from a 3 Mb/sec connection to a 30 Mb/sec and have an average throughput of 1.5 Mb/sec (150kB/sec) for HTTP downloads. Ironically I got about the same on my 3 Mb/sec connection. If I use the same notebook and Internet link outside the firewall I can average about 10Meg. I know that some sites throttle and expect that, but the behavior is consistent and I rarely exceed 2Mb/sec in a transfer

This seems to be with only HTTP transfers. If I use ftp client I can achieve faster transfers (average 8x faster). I have seen this behavior with both NGX R60 & R61.

Per SmartView Monitor the CPU utilization is low (2-3%) and connections rarely excee 1500. I do see occasional spikes on interface utilization to 20Meg and this normally corresponds to SMTP or FTP traffic.


Currently running R61 on a Dell PE2650 with 3GHz processor and 2Gig of RAM.
I do not use FloodGate
I do not have QOS policy.

This is driving me absolutely nuts …any suggestions would be appreciated!

[RayPesek]

We haven't seen this at all. We moved from a pair of unbonded T-1's to 10 M/bps fiber on R55 & a Nokia IP530. When we tested the raw line throughput before the cutover using a file transfer in the ISP's data center as well as http://www.speakeasy.net/speedtest, we got very close to the 10 M/bps speed. That was using a laptop with a personal firewall.

Once we made the cutover to the IP30 it was still the same.

We did have issues with auto-sensing on the NICs, though. We forced everything to 100 M/bps and all was well. Auto-sense caused a lot of speed issues.

I've got just about every SmartDefense setting running as well.FWIW,

Ray

[northlandboy]

Ray could well be onto something here - doublecheck all your interfaces, look for any errors or duplex mismatches. It's the sort of thing that doesn't show up with low bandwidth/low volume transfers, but really makes itself felt once you push up the volume.

[bkilcoyne]

I should have mentioned in my last post that I’m using Secure Platform for the host OS.

I have double checked all interfaces and they are configured correctly. If you note from my last post the poor performance is with HTTP transfers. FTP transfers work as expected. Using FTP I have been able to push about 40Mb/sec to my FTP server in my DMZ on this firewall. I have also been able to download at about 15Mb/sec from external FTP sites such as Netscape. When you do the same transfer using HTTP I get 8-10x decrease in through put. I get the same results with IE and FireFox. If I use www.microsoft.com/directx as an example, inside the firewall I average about 1.5Mb/sec, outside the firewall I average 10Mb/sec-15Mb/sec. I also see the same problem with our development firewall. I have tried disabling all SmartDefense checks on our dev environment to see if that was causing the issue but it had no effect on the throughput.

My CheckPoint partner has also witnessed this behavior with our system but has not received any explanations from Check Point on the mater. Is anyone else experiencing this behavior?