|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Checkpoint Sizing... HELP!
On Tue, Oct 23, 2001 at 12:16:35PM -0400, Chris Labatt-Simon - D&D Consulting wrote: > We currently have a userbase of 15,000 users and are running the following: > > - Checkpoint VPN-1 4.1 SP4 > - Stonebeat Fullcluster 2.0 > - Two Sun Enterprise 250's, single 300Mhz processor, 1GB RAM, dual 18GB > drives with Disksuite Mirroring > - One Sun Ultra/2 for a management station > - Five DMZs > - Websense, running locally on each firewall with the firewall pointing to > 127.0.0.1 for UFP Access > - About 150 rules > - A 6MB upstream/downstream pipe to AT&T > > - Move Websense off of the firewalls (reduces high availability as 4.1 does > not support load balancing across multiple servers) First, make sure you know what is causing the load; I'd guess it's the HTTP Security Server. You can try to stop using the HTTP Security Server alltogether for some time -- if that helps, then not only move Websense off the firewalls, also stop using UFP, instead use Websense either on your proxy caches or in a proxy chain. Alternatively, you could use UFP caching, which is mentioned in SP-2 release notes; they say there should be a doc "URL Performance Enhancements" at http://www.checkpoint.com/support/technical/. Regards, Hanus Adler -- One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them. =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
