Re: [FW-1] Normal Memory Utilization for a Nokia IP330

["Mellor, Derin" <derin.mellor@FW1-NOSPAMDNS.CO.UK>]

Title: Message

Is this box only going straight stateful inspection?

 

What about CP Management?

 

What about floodgate?

 

How are you getting these figures?

 

Have you looked at vmstat -m for the memory being used by the various processes - specifically interested in CP.

 

Have you looked at the memory utilization within fw ctl pstat?

 

Assuming your not pushing the box, you could look at reducing your connection table size - firewall object->Capacity Optimization. Here you can reduce you Max Concurrent connections to 1000, reduce the Hash 1024, Memory pool to 2M, Max Memory pool 2M and VPN to 1 IKE and 8 tunnels.

Having said this I only go down this route when I know I have not option (e.g. getting NG running on IP110 - it only has 64M on RAM)

 

Derin

-----Original Message-----
From: Duda, Nick [mailto:NDuda@EVARE.COM]
Sent: 10 December 2002 19:56
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: Re: [FW-1] Normal Memory Utilization for a Nokia IP330

Your saying you have 250-300 users , and logging all traffic  like http, ftp, but not nbt. Doesn't this sound a bit over kill? I would think more cpu spiking than memory if that was the case , can someone verify this?

 

Nick, CCSA

 

-----Original Message-----
From: Nall, Robert [mailto:rnall@CO.RILEY.KS.US]
Sent: Tuesday, December 10, 2002 1:50 PM
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: Re: [FW-1] Normal Memory Utilization for a Nokia IP330

Only about 25 rules.

 

Logging everything but normal NBT traffic

 

 

We are starting to implement VPNs at remote sites, and I didn't want to overkill this thing just yet...

 

 

-----Original Message-----
From: Duda, Nick [mailto:NDuda@EVARE.COM]
Sent: Tuesday, December 10, 2002 11:30 AM
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: Re: [FW-1] Normal Memory Utilization for a Nokia IP330

How's your rulebase? What type of activity is being processed on the firewall?

 

Nick, CCSA

-----Original Message-----
From: Nall, Robert [mailto:rnall@CO.RILEY.KS.US]
Sent: Tuesday, December 10, 2002 11:38 AM
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: [FW-1] Normal Memory Utilization for a Nokia IP330

We have a Nokia IP330 running Checkpoint NG FP3 & latest IPSO.

The issue we have is that the memory utilization is running about 85-90% with only about 250-300 users behind it. I did not know if this was normal or not...

I recently just found out that its memory is only upgradeable to 256 Meg of which I already have installed.

Could anyone elaborate if this is normal, or should I consider upgrading to a bigger box.

Thanks,

__________________________________________
Robert Nall
Network Administrator
Riley County - Information Systems
110 Courthouse Plaza
Manhattan, KS 66502
Phone:
Fax:
rnall@co.riley.ks.us

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender immediately and then delete from your system.  

This footnote also confirms that this email message has been swept 
for the presence of known computer viruses.

**********************************************************************