PDA

View Full Version : Real World Performance : 21400 platform



TheOtherPete
2013-09-12, 11:38
We have a pair of 21400's appliance in a active/standby cluster in a 10Gbps environment (inside, outside, dmz and sync are all 10Gbps ports)

The only blades we have enabled are Firewall, Identity Awareness, Monitoring, App Control, URL Filtering and ClusterXL

We are using NAT, log all traffic and have about 250 rules; rule order has already been optimized (most frequent rule is at the top). The vast majority of our traffic is typical outbound internet traffic, http and https.

I am seeing 60% cpu utilization in SmartView Monitor at a typical daytime load of 800Mbps. This strikes me as too high for a firewall that is rated for much higher throughput.

Can anyone else who has this appliance share their experience, wondering if this is expected for this platform configured with blades like App Control and URL filtering or if this is atypical.

omohan
2013-09-15, 11:00
What version of software are you running?

CoreXL settings, % accel traffic, sim affinity settings, multi-queue?

Are all cores busy? SI/HI or user?