CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 4 of 4

Thread: Traffic shaping

  1. #1
    Join Date
    2012-10-03
    Posts
    72
    Rep Power
    6

    Default Traffic shaping

    Our MPLS provider (verizon) wants us to "shape" our traffic that goes out on the hand-off interface to their network(s).

    We have 15 locations, any-to-any mesh MPLS config. The hand-off port from the LEC is either 100M or 1G depending on the MPLS subscription for the location. One example is a 300M subscription being delivered on a 1G port.... So, i'm making the assumption that "shaping" is basically telling my fw that even-though the interface is 1G, there is only 300M available??

    All gateways are R77.30, gaia, 4000 or 5000 series appliances.

    Is this even possible on cp firewall? As always, any assistance would be greatly appreciated.

    Danny

  2. #2
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,492
    Rep Power
    15

    Default Re: Traffic shaping

    So...what are they going to do if you *don't* shape your traffic? Allow it through?

    _Normally_ what happens here is that ISPs will Police traffic, while it's better for you to Shape it. QoS gets complicated, but main difference is that policing does a hard drop for traffic over policed rate, while shaping will do some buffering, smoothing things out a little bit. Usually better to shape, rather than get policed.

    The Check Point QoS (aka Floodgate) feature can in theory do this sort of shaping, but most people do it on a router.

  3. #3
    Join Date
    2012-10-03
    Posts
    72
    Rep Power
    6

    Default Re: Traffic shaping

    Quote Originally Posted by northlandboy View Post
    So...what are they going to do if you *don't* shape your traffic? Allow it through?

    _Normally_ what happens here is that ISPs will Police traffic, while it's better for you to Shape it. QoS gets complicated, but main difference is that policing does a hard drop for traffic over policed rate, while shaping will do some buffering, smoothing things out a little bit. Usually better to shape, rather than get policed.

    The Check Point QoS (aka Floodgate) feature can in theory do this sort of shaping, but most people do it on a router.
    The impetus to their call was they were seeing "discards" on a few on the circuits. Sounds like they are doing hard drops for traffic over the subscription.

  4. #4
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,492
    Rep Power
    15

    Default Re: Traffic shaping

    Quote Originally Posted by DannyW View Post
    The impetus to their call was they were seeing "discards" on a few on the circuits. Sounds like they are doing hard drops for traffic over the subscription.
    That is what they normally do. Sounds like they're being proactive here, rather than just hard dropping traffic. Shaping will help your overall throughput on those links.

Similar Threads

  1. Best possible way to monitor AS2 traffic and block rogue Traffic
    By Druva in forum IPS Blade (Formerly SmartDefense)
    Replies: 2
    Last Post: 2016-01-04, 02:48
  2. HOW TO IDENTIFY TRAFFIC USING IPSEC TUNNEL AND NON TUNNEL TRAFFIC ON CHECKPOINT SMART
    By gbollyd in forum Eventia Analyzer/Reporter/SmartView Reporter
    Replies: 4
    Last Post: 2011-09-21, 09:10
  3. Dropped Traffic: Dropped traffic between nodes
    By mhernandez in forum Miscellaneous
    Replies: 0
    Last Post: 2011-03-22, 13:45
  4. Traffic Shaping with QoS -- Issues
    By darkid in forum QoS (Quality of Service) (Formerly FloodGate-1)
    Replies: 3
    Last Post: 2008-09-04, 22:16
  5. Traffic shaping by means of IPSO built-ins?
    By rewind in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 0
    Last Post: 2008-08-01, 09:00

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •