|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Stone Beat Full Cluster
Hi, Usually performance issues are caused by asymmetric routing conditions. And asymmetric routing conditions with FullCluster means that at least one of the nodes has an error in its configuration. There are also problems with the use of Ethernet multicast and Cisco switches that can cause flooding. For each of these configurations, we would need to know a bit more about your configuration. If you could tell us, are you using unicast, multicast MAC or multicast IP? If you are using a multicast IP configuration, and therefore IGMP, do you have IGMP snooping enabled elsewhere? Are you using NAT? Dedicated and virtual IPs? Check with [email protected], or call the support numbers below, and someone should be able to assist you with the problem. Best of luck! ---------------------------------------------------------------- Mark Boltz Stonesoft, Inc. Network Security Specialist 115 Perimeter Center Place [email protected] South Terraces, Suite 1000 Tel:Atlanta, GA 30346 Cel:USA Fax:http://www.stonesoft.com New support numbers! Toll free:Other areas:"Chang, Andre" <[email protected]> To: "'[email protected]'" Sent by: <[email protected]> [email protected] cc: kpoint.com Subject: [FW1] Stone Beat Full Cluster 01/15/2001 07:30 AM I too run checkpoint on a windows nt system using stone beat full cluster trough a catalyst 6509 switch and there have been a couple of issues that I am still trying to work out. 1. There is still some kind of broadcast or flooding of the network when using multicast. 2. Downloads and access to Web pages through out burst able 45mb port to the Internet is very slow. Example to download a file from that is 23mb I get roughly 50 - 60 kbs and download time is roughly 20 to 28 minutes. 3. I have tested this three ways to see if it is the firewalls or the switch. a. I put a box on the public side of the firewall running parallel to it and plugged into a public port of the catalyst and I get download speeds of roughly 180 - 210 kbs and the same file takes seconds to download. b. I try the same thing but now from the DMZ and I get the same speed as if I was on the private side 50 -60 kbs c. I also try from internal to DMZ and DMZ to internal which produce the same results. However going from server to server on the same broadcast domain through the switch is very fast (which is correct). The gist of this is that there is something with firewall-1 running stonebeat full cluster that has slowed down speed through the firewall dramatically almost 600% slower than running the firewall-1 solution by it self. If any one has similar, problems please let me know and also if you have found a solution to the problem it would be great. Andre Chang Southern Wine And Spirits ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
