PDA

View Full Version : Verizon FIOS 800 mb/s service. How would a 680 hold up to that?



roveer
2017-05-01, 20:45
Verizon has it's GIG internet service available in my area. Kind of a lawsuit ready to happen because they are calling it gig, but saying it's good to 900 mb/s or so but in any event it's lot faster than the 150/150 that I current have.

I ditched Verizon equipment long ago and have 2 locations on 680's VPN'd. I'm considering the upgrade to both sites as I do nightly backup swaps across the lines for off-site redundancy. With those speeds I'd considering moving more of the backup offsite every night.

The 680 does have a gig WAN port but I was wondering if it would give me access to all of that speed? I think I ready somewhere that someone lab tested them and got pretty good speeds. I've actually got 2 680 demo units that only run for 30 days between resets so I might cable them up and give it a go to see how fast they'd run.

Do you think the 680's will keep up with Verizon's new GIG service?

Thanks,

Roveer

PhoneBoy
2017-05-02, 00:15
Under ideal conditions with firewall only, maybe, but in a production scenario, probably not.
The 1100 Series Datasheet, which uses the same hardware as the 600 Series, quotes the following for the 1180 (same as 680):


Production Firewall Throughput: 350 mb/s
Production Threat Prevention Throughput: 30 mb/s

The 700/1400 Series appliances have significantly better hardware and (firewall only) should be able to keep up.
Threat Prevention throughput is also significantly better, but not quite to the level of 900 mb/s.
Full details here: https://www.checkpoint.com/products/700-security-appliances/#specifications

roveer
2017-05-02, 01:13
Under ideal conditions with firewall only, maybe, but in a production scenario, probably not.
The 1100 Series Datasheet, which uses the same hardware as the 600 Series, quotes the following for the 1180 (same as 680):


Production Firewall Throughput: 350 mb/s
Production Threat Prevention Throughput: 30 mb/s

The 700/1400 Series appliances have significantly better hardware and (firewall only) should be able to keep up.
Threat Prevention throughput is also significantly better, but not quite to the level of 900 mb/s.
Full details here: https://www.checkpoint.com/products/700-security-appliances/#specifications

I just poked around the spec sheet and realized in order to fully utilize all that FIOS speed in a VPN configuration (which is what i would want to do), I would need the 790 series which is quite an expensive beast (x2 for both locations). Guess I'll stay where I am.

jflemingeds
2017-05-02, 06:29
I really don't think a 790 could fill a 800 meg pipe of vpn traffic. vpn will always land on a single core (unless running that special r77.20 version i think) which means those 3 other cpu cores will basically be idle due to corexl limitations.

laf_c
2017-05-02, 09:37
I just poked around the spec sheet and realized in order to fully utilize all that FIOS speed in a VPN configuration (which is what i would want to do), I would need the 790 series which is quite an expensive beast (x2 for both locations). Guess I'll stay where I am.

Or you could throw 1000E or $ and buy 2 X Fortigate 50E to reach you needs :))))

jflemingeds
2017-05-02, 13:01
Or you could throw 1000E or $ and buy 2 X Fortigate 50E to reach you needs :))))

isn't that model software driven? Seems like it would have a hard time with vpn traffic as well.

roveer
2017-05-02, 13:13
I really don't think a 790 could fill a 800 meg pipe of vpn traffic. vpn will always land on a single core (unless running that special r77.20 version i think) which means those 3 other cpu cores will basically be idle due to corexl limitations.

Spec's for 790 show 1,000 mbp/s vpn. Would think it should be able to run at 80%, no? In any event, it's all a bit pricey (cost of service, new hardware). Sure would be nice to have all that speed. Hopefully as time goes on, it will become a commodity and the cost will be reasonable.

laf_c
2017-05-03, 04:03
isn't that model software driven? Seems like it would have a hard time with vpn traffic as well.

Double checked now: 200Mbps on IPSEC. FGT 60D can accomodate up to 1Gbps of IPSEC.
How much a piece of 790 costs today?