4 cpus and 32 GB RAM

[pkochummen]

Hi,

We have 2 enforcement modules which run Solaris 9 . The hardware used are V440's with 4 cpus and 32 GB RAM on each of the servers .

We are unable to see any performance boost with this hardware configuration compared to a 2 cpu 8 Gb RAM machine running Solaris 9 .

The checkpoint version used is NGX R60 HFA_03

My doubt is whether Checkpoint was in the first place designed to run on multi-cpu machines . Any ideas / comments on with regards to the scalability of Checkpoint is highly appreciated

Thanks and Regards
PK

[northlandboy]

Was CPU and RAM maxed out on your old servers?

Given that there is a direct correlation between RAM and maximum concurrent connections you can support, you would have to have been doing a phenomenal amount of connections to use up 8GB. Off the top of my head Nokia does half a million with 1GB, or something along those lines.

Similarly with CPU - I've seen firewalls handling 25,000 connections, and still sitting below 10% CPU.

If neither RAM nor CPU was a bottleneck on your old system, then it's not going to make much difference having more hardware.

Is the firewall the bottleneck in your system?

As for whether it handles multiple CPUs well, I can't say. Usually I only have multiple CPUs in the management server.

[pkochummen]

The old hardware was not actually maxed out .

We were doing some throughput testing on the fw using Java TTCP ( freeware ) and the following happened

1. My active firewall went into a hung state
2. A failover to the standby happened

This got me thinking as to what would have caused the load on the system and to max out a 4 cpu config you would need an awful lot of connections .

My doubt here is whether my Checkpoint can see my 4 cpus or is it only seeing one cpu.

Rgds

[chillyjim]

Quote:

Originally Posted by pkochummen

My doubt here is whether my Checkpoint can see my 4 cpus or is it only seeing one cpu.

With R60 you should have a multi-cpu license.
Several parts of the Check Point suite are multi-threaded and most of those that are not still get a performance boost just from the Solaris scheduler. That being said, 4 CPU and 32 GB of RAM can handle a lot more than the default configuration of VPN-1 will allow (25K sessions is the default limit).