CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 13 of 13

Thread: R80.10 performance on standalone 4200

  1. #1
    Join Date
    2015-10-12
    Posts
    6
    Rep Power
    0

    Question R80.10 performance on standalone 4200

    We have a few standalone SG-4200's running 77.30. We've been having performance issues with these units from the moment we bought them and I feel like they're seriously underpowered.
    Regardless, we're running into several issues that have fixes for them, but only when we upgrade to R80.10.

    Does anyone have any experience running R80.10 on the 4000 series? While I realize there are supposed to be several performance improvements, I'm already a bit wary of installing a new release on a unit that has difficulties enugh running the current one.

  2. #2
    Join Date
    2008-05-26
    Posts
    8
    Rep Power
    0

    Default Re: R80.10 performance on standalone 4200

    You wont be able to run R80.10 on 4200 appliance, as it requires 8GB of RAM for standalone mode.
    It is noted on page 12 of R80.10 Release notes.
    Click image for larger version. 

Name:	r80.10 4000 8gb limitation.JPG 
Views:	549 
Size:	85.5 KB 
ID:	1308

  3. #3
    Join Date
    2015-10-12
    Posts
    6
    Rep Power
    0

    Default Re: R80.10 performance on standalone 4200

    Thanks... I realized it 10 minutes ago as well. We were always told it was no problem that's why I didn't really look into it any further.

    Perhaps anyone can say anything about the performance of R80.10 when using a seperate management server?

  4. #4
    Join Date
    2017-08-21
    Posts
    1
    Rep Power
    0

    Default Re: R80.10 performance on standalone 4200

    Quote Originally Posted by MichelB View Post
    Thanks... I realized it 10 minutes ago as well. We were always told it was no problem that's why I didn't really look into it any further.

    Perhaps anyone can say anything about the performance of R80.10 when using a seperate management server?
    Hi,

    My name is Gilad and I'm the manager of the release management group which is responsible for the R80.10 release.
    In R80.10, the Security Gateway performance and resource utilization are better compared to R77.30 Security Gateway.

    Thanks,
    Gilad Tavasi

  5. #5
    Join Date
    2006-09-26
    Posts
    3,199
    Rep Power
    18

    Default Re: R80.10 performance on standalone 4200

    Quote Originally Posted by GiladT View Post
    Hi,

    My name is Gilad and I'm the manager of the release management group which is responsible for the R80.10 release.
    In R80.10, the Security Gateway performance and resource utilization are better compared to R77.30 Security Gateway.

    Thanks,
    Gilad Tavasi
    Since you're the manager of the release management which is reponsible for the R80.10 release, for crying out loud, please make R80.10 works the way it supposed to work so that I can migrate from R77.30 to R80.10. Not sure why you guys did a "half-baked" product in R80.10: https://www.cpug.org/forums/showthre...light=provider

  6. #6
    Join Date
    2014-09-02
    Posts
    374
    Rep Power
    10

    Default Re: R80.10 performance on standalone 4200

    Quote Originally Posted by GiladT View Post
    Hi,

    My name is Gilad and I'm the manager of the release management group which is responsible for the R80.10 release.
    In R80.10, the Security Gateway performance and resource utilization are better compared to R77.30 Security Gateway.

    Thanks,
    Gilad Tavasi
    I spite of cciecec2006 venting his frustrations (understandable as they may be), let me welcome you, Gilad.

    While some may take your presence here as an opportunity to vent frustrations , I'd like to make sure you understand that most of the community will welcome any guidance/suggestions/assistance you can give.

    -E

  7. #7
    Join Date
    2014-09-02
    Posts
    374
    Rep Power
    10

    Default Re: R80.10 performance on standalone 4200

    In response to the OP, while 4200's can run standalone (pre-R80), it's never really been an ideal situation.

    All of the performance specs given for any gateway devices are based on them being run only as gateways. The second you task them with management duties, you're asking too much of them, and all of those numbers should be expected to drop - sometimes significantly. (Anyone ever try a UTM-1 130 in standalone?)

    While R80.10 should offer some performance gains on any gateway, in your case, if you move management off to another device(s) and run the 4200's as only gateways, you'll definitely breathe new life into them.

    -E

  8. #8
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,499
    Rep Power
    18

    Default Re: R80.10 performance on standalone 4200

    Anecdotal evidence suggests a 2200 (same basic hardware as a 4200) will have better performance on R80.10 than R77.30.
    That assumes it is deployed in a distributed environment.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  9. #9
    Join Date
    2015-10-12
    Posts
    6
    Rep Power
    0

    Default Re: R80.10 performance on standalone 4200

    Quote Originally Posted by EricAnderson View Post
    In response to the OP, while 4200's can run standalone (pre-R80), it's never really been an ideal situation.

    All of the performance specs given for any gateway devices are based on them being run only as gateways. The second you task them with management duties, you're asking too much of them, and all of those numbers should be expected to drop - sometimes significantly. (Anyone ever try a UTM-1 130 in standalone?)

    While R80.10 should offer some performance gains on any gateway, in your case, if you move management off to another device(s) and run the 4200's as only gateways, you'll definitely breathe new life into them.

    -E
    Thank you for your response. We're dealing mostly with smaller environments here and the 4200's in this case were deployed in a small-enterprise setup. This were really our first steps into the whole Checkpoint product suite as we'd recently switched over from the old Juniper's. We've been in contact with our local supplier and Checkpoint in order to find the best solution for this environment and came up with a supported stand-alone setup. It saddens me that, now years later, I cannot count the amount of times I've been told something like: "yeah standalone is supported, but it's never ideal". The sizing tool, for example, also gives you the option to select local management, decreasing SPU, but it's still a valid option.

    Quote Originally Posted by PhoneBoy View Post
    Anecdotal evidence suggests a 2200 (same basic hardware as a 4200) will have better performance on R80.10 than R77.30.
    That assumes it is deployed in a distributed environment.
    Thanks! It gives some hope for the near future for these devices. We're contemplating buying a Smart-1 and later on slowly replace the 4200 with a 5000-series.
    I really feel like we were ill-advised on this...

  10. #10
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,252
    Rep Power
    15

    Default Re: R80.10 performance on standalone 4200

    The biggest constraint with the lower-end 2012 series of appliances in regard to a standalone setup was not CPU power, but amount of RAM. The original version of the 2200 shipped with 2GB of RAM, the 4X00 series with only with 4GB which is not really enough for standalone clustered operation (i.e. "Full HA") and caused a lot of swapping/paging to hard disk. Thankfully the replacement for the 2200, the 3100/3200 units, come standard with 8GB of RAM.
    --
    Third Edition of my "Max Power 2020" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  11. #11
    Join Date
    2015-10-12
    Posts
    6
    Rep Power
    0

    Default Re: R80.10 performance on standalone 4200

    Quote Originally Posted by ShadowPeak.com View Post
    The biggest constraint with the lower-end 2012 series of appliances in regard to a standalone setup was not CPU power, but amount of RAM. The original version of the 2200 shipped with 2GB of RAM, the 4X00 series with only with 4GB which is not really enough for standalone clustered operation (i.e. "Full HA") and caused a lot of swapping/paging to hard disk. Thankfully the replacement for the 2200, the 3100/3200 units, come standard with 8GB of RAM.
    In your experience, would you say the hardware (in this case RAM) was therefor underpowered?

  12. #12
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,252
    Rep Power
    15

    Default Re: R80.10 performance on standalone 4200

    Quote Originally Posted by MichelB View Post
    In your experience, would you say the hardware (in this case RAM) was therefor underpowered?
    For Full HA operation while activating any reasonable number of gateway blades, yes. Thankfully RAM was bumped up a lot in the new generation of appliance hardware.
    --
    Third Edition of my "Max Power 2020" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  13. #13
    Join Date
    2016-06-10
    Posts
    23
    Rep Power
    0

    Default Re: R80.10 performance on standalone 4200

    Quote Originally Posted by cciesec2006 View Post
    Since you're the manager of the release management which is reponsible for the R80.10 release, for crying out loud, please make R80.10 works the way it supposed to work so that I can migrate from R77.30 to R80.10. Not sure why you guys did a "half-baked" product in R80.10: https://www.cpug.org/forums/showthre...light=provider
    Hi, that thread seemed pretty done to me as Yaelle from CP gave her answer. If you feel like this doesn't address the needs, please reply over there.

Similar Threads

  1. Standalone GW & Performance
    By avilT in forum Installing And Upgrading
    Replies: 4
    Last Post: 2013-02-25, 08:23
  2. GAIA on 4200 appliance, possible?
    By Spawn in forum Check Point 2012 Appliances
    Replies: 4
    Last Post: 2012-12-16, 12:55
  3. VPN Performance CP 4200 applicance.
    By cuongalexvu in forum Check Point 2012 Appliances
    Replies: 2
    Last Post: 2012-09-06, 23:33
  4. NGx R65 with 2.6 kernel on Sun 4200-M2
    By cciesec2006 in forum Check Point SecurePlatform (SPLAT)
    Replies: 6
    Last Post: 2008-04-29, 15:50
  5. 4200 Nokia Sensor Install
    By Kubann in forum Installing And Upgrading
    Replies: 6
    Last Post: 2006-07-24, 03:01

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •