Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] HTTP Security Server Performance with ~1800 connections

To: "'[email protected]'" <[email protected]>, Greg Winkler <[email protected]>
Subject: RE: [FW1] HTTP Security Server Performance with ~1800 connections
From: Bourque Daniel <[email protected]>
Date: Fri, 21 Sep 2001 16:15:46 -0400
Cc: [email protected]
Sender: [email protected]


We implement HTTP security server yesterday and it just kill the FWs,
hitting 100% CPU and ressource exaustion immediately.

I am back to block that with a Cisco router and NBAR filter

-----Message d'origine-----
De: Juan Concepcion [mailto:[email protected]]
Date: 20 septembre, 2001 21:01
À: Greg Winkler
Cc: [email protected]
Objet: Re: [FW1] HTTP Security Server Performance with ~1800 connections



What you could try is creating multiple instances of the security server so
that it can hanndle the amount of connections that you are trying to push
behind it more effienciently.
-- 
Juan Concepcion
Network Security Engineer
CCSA CCSE
[email protected]


On 2001.09.20 08:38 Greg Winkler wrote:
> 
> 
> I am still struggling with high CPU use by the HTTP security servers. I
> have been working with Checkpoint Israel for months and they are stumped.
> The only solution offered is to throw a bigger (more cpu) server in place
> of what I have. But I'm not convinced that would be a solution as the
> number of connections running through this firewall don't appear to
> justify
> more hardware.
> 
> I have about 3500 workstations sitting behind a 2 processor, 500mhz
> server
> with 768mb of ram, running CP 4.1 (SP3) on NT 4.0, SP6a. I've charted the
> values of the connections table every 15 seconds for weeks. With no
> security servers involved we average 1800 or so connections. Most of our
> traffic is HTTP. When I enable the HTTP security servers (i'm running one
> on each processor) after about 10 minutes both processors max out at 100%
> utiliazation and performance on the firewall goes down the drain. Looking
> at task manager it is the individual security server processes that are
> consuming all CPU.
> 
> Is anyone running this amount of workstations or connections thru their
> firewall? Are you using the security servers? What processor, memory
> configuration are you running?
> 
>
----------------------------------------------------------------------------
------------
> 
> Greg Winkler
> Systems Manager, IT&S
> Huntsman Corporation
> Internet Mail: [email protected]
> Voice:> Fax:> 
> 
> 
> 
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions
> at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
> 
> 


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Installation on RedHat 7.1
Next by Date: [FW1] FW: Need help setting checkpoint to work as VPN gateway
Previous by thread: RE: [FW1] HTTP Security Server Performance with ~1800 connections
Next by thread: [FW1] Please Advise-comparison b/w hardware & software firewall
Index(es):
- Date
- Thread