CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


** Announcing the #CPUGchallenge **

I'm very happy to announce that CPUG will be hosting "The CPUG Challenge" during CPX this year.
It promises to be a fun and interesting event that will test (and maybe even expand) your knowledge of R80.10.
Whether or not you plan to attend CPX, we have something for you. Please check out this post or the CPUGchallenge.com web site for more information. -E

 

Page 2 of 2 FirstFirst 12
Results 21 to 25 of 25

Thread: Policy push speed is unchanged

  1. #21
    Join Date
    2006-09-26
    Posts
    2,907
    Rep Power
    13

    Default Re: Policy push speed is unchanged

    Quote Originally Posted by PhoneBoy View Post
    If you're already getting a policy installation of around two minutes, then you're not going to see much in the way of improvement.
    For rulebase of 1200 rules, a two minute policy installation time from an R77.30 manager is highly unusual unless you've enabled fw_light_verify, which disables the policy verification step.
    And no, you shouldn't have that enabled, see http://checkpoint-master-architect.b...meter-you.html

    For most customers, a rulebase of 1200 users takes a lot longer than 2 minutes to push from R77.30, whereas on R80.10, it should take 2-3 minutes (assuming a small delta).
    so basically, what checkpoint defines "as improvements" is more like credit cards companies claimed of "low interests" with many "fine prints" that are not really usable in a real world environment

  2. #22
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,244
    Rep Power
    14

    Default Re: Policy push speed is unchanged

    Quote Originally Posted by cciesec2006 View Post
    so basically, what checkpoint defines "as improvements" is more like credit cards companies claimed of "low interests" with many "fine prints" that are not really usable in a real world environment
    For most installations I am familiar with of a similar size, a policy push on a 1200 rule rulebase could easily take at least ten minutes.
    In that context, reducing policy push to 2-3 minutes is a huge improvement.

    So tell me: do you have fw_light_verify enabled or not?
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

  3. #23
    Join Date
    2006-09-26
    Posts
    2,907
    Rep Power
    13

    Default Re: Policy push speed is unchanged

    Quote Originally Posted by PhoneBoy View Post
    For most installations I am familiar with of a similar size, a policy push on a 1200 rule rulebase could easily take at least ten minutes.
    In that context, reducing policy push to 2-3 minutes is a huge improvement.

    So tell me: do you have fw_light_verify enabled or not?
    I do not enable this feature.

    Your point is that I should see improvements if there is a small delta change, the policy push should improve a lot. doesn't look that way.

  4. #24
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,244
    Rep Power
    14

    Default Re: Policy push speed is unchanged

    Quote Originally Posted by cciesec2006 View Post
    I do not enable this feature.

    Your point is that I should see improvements if there is a small delta change, the policy push should improve a lot. doesn't look that way.
    And for many customers who participated in the EA of R80.10, they reported exactly that--improved policy installation times.
    However, their policy install probably took significantly more than 2 minutes to install prior to R80.10.
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

  5. #25
    Join Date
    2012-06-13
    Posts
    274
    Rep Power
    5

    Default Re: Policy push speed is unchanged

    Well yeah I definitely see policy push speed improvement with R80.10. I just upgraded from R77.30 to R80.10 [in a lab environment] with rules base around 150 and saw drastic change in policy push speed. R77.30 usually takes around 2.30 mins while R80.10 I observed well under min.

    well my firewall is again R80.10

Page 2 of 2 FirstFirst 12

Similar Threads

  1. Replies: 5
    Last Post: 3 Weeks Ago, 09:02
  2. Can't push policy.
    By Maybedave in forum Installing And Upgrading
    Replies: 3
    Last Post: 2010-04-08, 20:24
  3. Is possible to log who have push the policy?
    By Thomas Riker in forum SmartView Tracker
    Replies: 3
    Last Post: 2009-11-03, 11:55
  4. can't load policy editor and push policy
    By yclee1981 in forum Sun Solaris
    Replies: 2
    Last Post: 2008-01-07, 23:20
  5. Policy cannot push
    By geelkabouter in forum SmartDashboard
    Replies: 3
    Last Post: 2007-02-14, 02:00

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •