CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: load question

  1. #1
    Join Date
    2007-10-10
    Posts
    22
    Rep Power
    0

    Default load question

    Does using the Web Intelligence engine cause a lot of load on the firewall?

    I would like to start using it, but do not want to overload my appliances.

    Thanks
    Nick

  2. #2
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,386
    Rep Power
    16

    Default Re: load question

    That all depends on your hardware and how much bandwidth you're pushing through it that is subject to inspection. What is your hardware and total bandwidth? If you have almost any hardware built in the last five years, you'll probably be OK.

    Ray

  3. #3
    Join Date
    2006-09-26
    Posts
    3,194
    Rep Power
    17

    Default Re: load question

    I load tested the Nokia IP560 (2GB RAM) running IPSO 4.1 build 19
    with NGx R61 & HFA_01 back in December 2006. The load testing
    equipment I used is Spirent Web Avalanche/Reflector.

    With SmartDefense/Web Intelligence turned OFF, I was able to
    push about 700Mbps through the box.

    With SmartDefense/Web Intelligence turned ON, I was able to push
    about 60Mbps. Not only that, the box froze and required
    a manual OFF/ON of the power switch.

  4. #4
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,386
    Rep Power
    16

    Default Re: load question

    So someone with a DS3 would be OK?

    Check your ApacheFormatString protections. There should be two sets, one with an underscore near the end and one set without. If you have the ones WITHOUT the underscore enabled, disable them and enable the ones with the underscore instead. This is a known issue and will cause freezing.

    I haven't figured out why they can't just delete the non-underscore ones, though.

    Ray

  5. #5
    Join Date
    2006-09-26
    Posts
    3,194
    Rep Power
    17

    Default Re: load question

    Ray,

    Again, it depends. However, with a DS3 connection, that should be
    good for most environments.

    One disclaimer: I could have destroyed the IP560 with 64k-byte packets
    and a lot of http/https connections from the Spirent Avalanche/Reflector.
    Had I run the test to the fullest, I would think the Nokia IP560 would
    freeze at 30Mbps and lots and lots of 64k connections. That would
    cripple the Nokia IP560; but again, it doesn't reflect the real environment,
    unless you're under DoS or DDoS.
