CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3.
2. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Miscellaneous
SMTP Question SMTP Question
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2007-06-28
Junior Member
  
Join Date: 2007-06-26
Posts: 4
Rep Power: 0
DeShark has an average reputation (10+)
Default SMTP Question
I work an an ISP. We are seeing an issue where people cannot check their mail (pop or smtp) on any mail server when we have a high volume of smtp traffic flowing. Is there some sort of optimization that needs to be done on the firewall to help with this? We are running NGX R60 HFA02 on SPLAT. SmartDefense is not enabled on the mail features. Concurrent connections around 80k seems to be the threashold. We seem to run fine under 70k. Thanks in advance for any assistance.

DeShark
Reply With Quote
  #2 (permalink)  
Old 2007-06-29
Senior Member
  
Join Date: 2007-01-18
Location: London
Posts: 375
Rep Power: 2
MarioL has an average reputation (10+)
Default Re: SMTP Question
You might need to increase the state table. Edit your firewall object and go to "Capacity Optimization" tab. Tweak the Maximum Connections as needed... and remember to have plenty of RAM.
Reply With Quote
  #3 (permalink)  
Old 2007-06-29
Junior Member
  
Join Date: 2007-06-26
Posts: 4
Rep Power: 0
DeShark has an average reputation (10+)
Default Re: SMTP Question
That is and has been at 250k. We are running with 512MB of RAM. Do you think memory is the issue?

DeShark
Reply With Quote
  #4 (permalink)  
Old 2007-06-30
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,670
Rep Power: 5
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: SMTP Question
Yes, this does sound like a memory problem. Up the memory to a least a gig and you should see much better performance.

What platform and version are you running?
Reply With Quote
  #5 (permalink)  
Old 2007-07-02
Junior Member
  
Join Date: 2007-06-26
Posts: 4
Rep Power: 0
DeShark has an average reputation (10+)
Default Re: SMTP Question
Running NGX R60 on SPLAT. Thanks.. I'll bump it to a gig and see how that helps. Optimally what amount of memory would be best?

DeShark
Reply With Quote
  #6 (permalink)  
Old 2007-07-02
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,670
Rep Power: 5
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: SMTP Question
You should be able to get in the neighborhood of 150K sessions without problems with a gig of RAM. You do have to adjust the number of connections allowed in firewall object as MarioL pointed out.
Reply With Quote
  #7 (permalink)  
Old 2007-07-03
Senior Member
  
Join Date: 2007-01-18
Location: London
Posts: 375
Rep Power: 2
MarioL has an average reputation (10+)
Default Re: SMTP Question
If you work for an ISP I'd try and get 2GB in, you never know when you are going to have DDoS or spikes or whatever and more memory helps Check Point quite a lot.
Reply With Quote
  #8 (permalink)  
Old 2007-07-03
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,670
Rep Power: 5
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: SMTP Question
Are you using the SMTP security server or trying to run the anti-virus on it?

I didn't think of asking before, because I'd be really surprised if you got 10K sessions but...
Reply With Quote
  #9 (permalink)  
Old 2007-07-10
Junior Member
  
Join Date: 2007-06-26
Posts: 4
Rep Power: 0
DeShark has an average reputation (10+)
Default Re: SMTP Question
I added a gig to the box bringing it up to 1.5 GB. No difference. The memory utilization is the same. The new gig is available. We are still seeing the intermittent issue where people cannot pop or send email on occasion. No we are not using the SMTP security server. We have no problem with the number of concurrent connections when it gets high.. 85k is seen on occasion on the high side. Config is set to 250k. Just this issue where people cannot pop or smtp to ANY mail server on our network. Very odd and very critical! Any ideas?

DeShark
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 21:13.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0