[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Checkpoint Sizing... HELP!
How about some stats? Active connections? Memory usage? Is it the kernel that is consuming your CPU? Is it a process and which one? Does it peak or is it constantly at or above 75%? etc. etc. Anything would be helpful. George -----Original Message----- From: Chris Labatt-Simon - D&D Consulting [mailto:[email protected]] Sent: Tuesday, October 23, 2001 9:17 AM To: [email protected] Subject: [FW-1] Checkpoint Sizing... HELP! Suggestions here would be greatly appreciated. We currently have a userbase of 15,000 users and are running the following: - Checkpoint VPN-1 4.1 SP4 - Stonebeat Fullcluster 2.0 - Two Sun Enterprise 250's, single 300Mhz processor, 1GB RAM, dual 18GB drives with Disksuite Mirroring - One Sun Ultra/2 for a management station - Five DMZs - Websense, running locally on each firewall with the firewall pointing to 127.0.0.1 for UFP Access - About 150 rules - A 6MB upstream/downstream pipe to AT&T We currently see (within stonebeat) about 75%-100% load on both firewalls. If anyone else here has this number of users, how many firewalls do you currently have in place and of what type? We are trying to determine a new architecture which increases performance (substantially) while maintaining high availability. A few of the things we can try today are: - Move Websense off of the firewalls (reduces high availability as 4.1 does not support load balancing across multiple servers) - Purchase two more processors (one for each firewall) so the http security servers can multi-process (don't know how much performance this will actually add) - Upgrade to NG (adds UFP load balancing, but relatively untested and would be going into a very high load environment) Some of the other items we can look into is the purchase of additional firewalls, etc., but we would prefer to hear from people with a similar number of users first to determine how many firewalls we should potentially put in. Any help would be *greatly* appreciated. Thanks! Chris ----------------------------------------------------------------- Chris Labatt-Simon E-MAIL: [email protected] D & D Consulting, Ltd. WEB: http://www.dandd.com Albany, New York PHONE:INTERNET CORE AND SERVICE PROVIDER SERVICES/UNIX/SECURITY/WAN/LAN Authorized Juniper, Extreme Networks, F5 and Cisco Partners ISP/CLEC/LEC Networks at Wire Speed http://www.coreservice.com =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =============================================== _____________________________________________________________________ IMPORTANT NOTICES: This message is intended only for the addressee. Please notify the sender by e-mail if you are not the intended recipient. If you are not the intended recipient, you may not copy, disclose, or distribute this message or its contents to any other person and any such actions may be unlawful. Banc of America Securities LLC("BAS") does not accept time sensitive, action-oriented messages or transaction orders, including orders to purchase or sell securities, via e-mail. BAS reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the BAS e-mail system. =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|